diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl deleted file mode 100644 index c1671edd..00000000 --- a/charts/sourcegraph/templates/_helpers.tpl +++ /dev/null 
@@ -1,294 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "sourcegraph.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "sourcegraph.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "sourcegraph.labels" -}} -helm.sh/chart: {{ include "sourcegraph.chart" . }} -{{ include "sourcegraph.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.sourcegraph.labels }} -{{ toYaml .Values.sourcegraph.labels }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "sourcegraph.selectorLabels" -}} -app.kubernetes.io/name: {{ include "sourcegraph.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use - -When calling these partial functions, - -For top-level services, pass in the top-level values: - -{{ include "sourcegraph.serviceAccountName" (list . "frontend") }} - -frontend: - serviceAccount: - create: false - -For nested services, pass in the nested values: - -{{ include "sourcegraph.serviceAccountName" (list .Values.openTelemetry "gateway") }} - -openTelemetry: - gateway: - serviceAccount: - create: false -*/}} -{{- define "sourcegraph.serviceAccountName" -}} -{{- $top := index . 0 }} -{{- if hasKey $top "Values" -}} -{{- $top = index $top "Values" -}} -{{- end -}} -{{- $service := index . 1 }} -{{- $defaultServiceAccountName := (index $top $service "name") }} -{{- default $defaultServiceAccountName (index $top $service "serviceAccount" "name") }} -{{- end -}} - -{{- define "sourcegraph.renderServiceAccountName" -}} -{{- $top := index . 
0 }} -{{- if hasKey $top "Values" -}} -{{- $top = index $top "Values" -}} -{{- end -}} -{{- $service := index . 1 }} -{{- if or (index $top $service "serviceAccount" "create") (index $top $service "serviceAccount" "name") }} -serviceAccountName: {{ include "sourcegraph.serviceAccountName" (list $top $service) }} -{{- end -}} -{{- end -}} - -{{- define "sourcegraph.serviceAccountAnnotations" -}} -{{- $top := index . 0 }} -{{- if hasKey $top "Values" -}} -{{- $top = index $top "Values" -}} -{{- end -}} -{{- $service := index . 1 }} -{{- with (index $top $service "serviceAccount" "annotations") }} -annotations: -{{- . | toYaml | trim | nindent 2 }} -{{- end }} -{{- end }} - -{{/* -Create the docker image reference and allow it to be overridden on a per-service basis -Default tags are toggled between a global and service-specific setting by the -useGlobalTagAsDefault configuration -*/}} -{{- define "sourcegraph.image" -}} -{{- $top := index . 0 }} -{{- $service := index . 1 }} -{{- $imageName := (index $top.Values $service "image" "name")}} -{{- $defaultTag := (index $top.Values $service "image" "defaultTag")}} -{{- $defaultTagPrefix := (index $top.Values $service "image" "defaultTagPrefix")}} -{{- if $top.Values.sourcegraph.image.useGlobalTagAsDefault }}{{ $defaultTag = (tpl $top.Values.sourcegraph.image.defaultTag $top) }}{{ end }} - -{{- $top.Values.sourcegraph.image.repository }}/{{ $imageName }}:{{ $defaultTagPrefix }}{{ default $defaultTag (index $top.Values $service "image" "tag") }} -{{- end }} - -{{- define "sourcegraph.nodeSelector" -}} -{{- $top := index . 0 }} -{{- $service := index . 
1 }} -{{- $globalNodeSelector := (index $top.Values "sourcegraph" "nodeSelector") }} -{{- $serviceNodeSelector := (index $top.Values $service "nodeSelector") }} -nodeSelector: -{{- if $serviceNodeSelector }} -{{- $serviceNodeSelector | toYaml | trim | nindent 2 }} -{{- else if $globalNodeSelector }} -{{- $globalNodeSelector | toYaml | trim | nindent 2 }} -{{- end }} -{{- end }} - -{{- define "sourcegraph.affinity" -}} -{{- $top := index . 0 }} -{{- $service := index . 1 }} -{{- $globalAffinity := (index $top.Values "sourcegraph" "affinity") }} -{{- $serviceAffinity := (index $top.Values $service "affinity") }} -affinity: -{{- if $serviceAffinity }} -{{- tpl ($serviceAffinity | toYaml) $top | trim | nindent 2 }} -{{- else if $globalAffinity }} -{{- tpl ($globalAffinity | toYaml) $top | trim | nindent 2 }} -{{- end }} -{{- end }} - -{{- define "sourcegraph.tolerations" -}} -{{- $top := index . 0 }} -{{- $service := index . 1 }} -{{- $globalTolerations := (index $top.Values "sourcegraph" "tolerations") }} -{{- $serviceTolerations := (index $top.Values $service "tolerations") }} -tolerations: -{{- if $serviceTolerations }} -{{- $serviceTolerations | toYaml | trim | nindent 2 }} -{{- else if $globalTolerations }} -{{- $globalTolerations | toYaml | trim | nindent 2 }} -{{- end }} -{{- end }} - -{{/* -Jaeger common labels -*/}} -{{- define "sourcegraph.jaeger.labels" -}} -helm.sh/chart: {{ include "sourcegraph.chart" . }} -{{ include "sourcegraph.jaeger.selectorLabels" . 
}} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.sourcegraph.labels }} -{{ toYaml .Values.sourcegraph.labels }} -{{- end }} -{{- end }} - -{{/* -Jaeger selector labels -*/}} -{{- define "sourcegraph.jaeger.selectorLabels" -}} -app.kubernetes.io/name: jaeger -{{- end }} - -{{- define "sourcegraph.openTelemetryEnv" -}} -{{- if .Values.openTelemetry.enabled -}} -# OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable -- name: OTEL_AGENT_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP -- name: OTEL_EXPORTER_OTLP_ENDPOINT - value: http://$(OTEL_AGENT_HOST):{{ toYaml .Values.openTelemetry.agent.hostPorts.grpcOtlp }} -{{- end }} -{{- end }} - -{{- define "sourcegraph.databaseAuth" -}} -{{- $top := index . 0 -}} -{{- $service := index . 1 -}} -{{- $prefix := index . 
2 -}} -{{- $secretName := (index $top.Values $service "name") -}} -{{- $secretName := printf "%s-auth" $secretName -}} -{{- if (index $top.Values $service "auth" "existingSecret") }}{{- $secretName = (index $top.Values $service "auth" "existingSecret") }}{{- end -}} -- name: {{ printf "%sDATABASE" $prefix }} - valueFrom: - secretKeyRef: - key: database - name: {{ $secretName }} -- name: {{ printf "%sHOST" $prefix }} - valueFrom: - secretKeyRef: - key: host - name: {{ $secretName }} -- name: {{ printf "%sPASSWORD" $prefix }} - valueFrom: - secretKeyRef: - key: password - name: {{ $secretName }} -- name: {{ printf "%sPORT" $prefix }} - valueFrom: - secretKeyRef: - key: port - name: {{ $secretName }} -- name: {{ printf "%sUSER" $prefix }} - valueFrom: - secretKeyRef: - key: user - name: {{ $secretName }} -- name: {{ printf "%sSSLMODE" $prefix }} - valueFrom: - secretKeyRef: - key: sslmode - name: {{ $secretName }} -{{- end }} - -{{- define "sourcegraph.dataSource" -}} -{{- $top := index . 0 -}} -{{- $service := index . 1 -}} -{{- $secretName := (index $top.Values $service "name") -}} -{{- $secretName := printf "%s-auth" $secretName -}} -{{- if (index $top.Values $service "auth" "existingSecret") }}{{- $secretName = (index $top.Values $service "auth" "existingSecret") }}{{- end -}} -- name: DATA_SOURCE_DB - valueFrom: - secretKeyRef: - key: database - name: {{ $secretName }} -- name: DATA_SOURCE_PASS - valueFrom: - secretKeyRef: - key: password - name: {{ $secretName }} -- name: DATA_SOURCE_PORT - valueFrom: - secretKeyRef: - key: port - name: {{ $secretName }} -- name: DATA_SOURCE_USER - valueFrom: - secretKeyRef: - key: user - name: {{ $secretName }} -- name: DATA_SOURCE_URI - value: "localhost:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable" -{{- end }} - -{{/* -Set redisCache and redisStore endpoints -So that customers can configure them any of these ways: -1. Create a new Kubernetes secret, with default values (default, no override config required) -2. 
Use an existing Kubernetes secret, by configuring .Values.redisCache.connection.existingSecret -3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true -4. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true, .Values.redisCache.connection.endpoint = "", .Values.redisStore.connection.endpoint = "", and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods -*/}} -{{- define "sourcegraph.redisConnection" -}} -{{- if .Values.sourcegraph.disableKubernetesSecrets -}} -{{- if .Values.redisCache.connection.endpoint -}} -- name: REDIS_CACHE_ENDPOINT - value: {{ .Values.redisCache.connection.endpoint }} -{{- end -}} -{{- if .Values.redisStore.connection.endpoint -}} -- name: REDIS_STORE_ENDPOINT - value: {{ .Values.redisStore.connection.endpoint }} -{{- end -}} -{{- else -}} -- name: REDIS_CACHE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: {{ default .Values.redisCache.name .Values.redisCache.connection.existingSecret }} -- name: REDIS_STORE_ENDPOINT - valueFrom: - secretKeyRef: - key: endpoint - name: {{ default .Values.redisStore.name .Values.redisStore.connection.existingSecret }} -{{- end -}} -{{- end -}} - -{{- define "sourcegraph.authChecksum" -}} -{{- $checksum := list .Values.codeInsightsDB.auth -}} -{{- $checksum = append $checksum .Values.codeIntelDB.auth -}} -{{- $checksum = append $checksum .Values.pgsql.auth -}} -checksum/auth: {{ toJson $checksum | sha256sum }} -{{- end -}} - -{{- define "sourcegraph.redisChecksum" -}} -{{- $checksum := list .Values.redisStore.connection -}} -{{- $checksum := append $checksum .Values.redisCache.connection -}} -checksum/redis: {{ toJson $checksum | sha256sum 
}} -{{- end -}} diff --git a/charts/sourcegraph/templates/_helpers/_chart-name-and-version.tpl b/charts/sourcegraph/templates/_helpers/_chart-name-and-version.tpl new file mode 100644 index 00000000..57ff868d --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_chart-name-and-version.tpl @@ -0,0 +1,13 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "sourcegraph.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sourcegraph.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} diff --git a/charts/sourcegraph/templates/_helpers/_database.tpl b/charts/sourcegraph/templates/_helpers/_database.tpl new file mode 100644 index 00000000..dc1d41e1 --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_database.tpl 
@@ -0,0 +1,77 @@ +{{- define "sourcegraph.databaseAuth" -}} +{{- $top := index . 0 -}} +{{- $service := index . 1 -}} +{{- $prefix := index . 2 -}} +{{- $secretName := (index $top.Values $service "name") -}} +{{- $secretName := printf "%s-auth" $secretName -}} +{{- if (index $top.Values $service "auth" "existingSecret") }}{{- $secretName = (index $top.Values $service "auth" "existingSecret") }}{{- end -}} +- name: {{ printf "%sDATABASE" $prefix }} + valueFrom: + secretKeyRef: + key: database + name: {{ $secretName }} +- name: {{ printf "%sHOST" $prefix }} + valueFrom: + secretKeyRef: + key: host + name: {{ $secretName }} +- name: {{ printf "%sPASSWORD" $prefix }} + valueFrom: + secretKeyRef: + key: password + name: {{ $secretName }} +- name: {{ printf "%sPORT" $prefix }} + valueFrom: + secretKeyRef: + key: port + name: {{ $secretName }} +- name: {{ printf "%sUSER" $prefix }} + valueFrom: + secretKeyRef: + key: user + name: {{ $secretName }} +- name: {{ printf "%sSSLMODE" $prefix }} + valueFrom: + secretKeyRef: + key: sslmode + name: {{ $secretName }} +{{- end }} + + +{{- define "sourcegraph.dataSource" -}} +{{- $top := index . 0 -}} +{{- $service := index . 
1 -}} +{{- $secretName := (index $top.Values $service "name") -}} +{{- $secretName := printf "%s-auth" $secretName -}} +{{- if (index $top.Values $service "auth" "existingSecret") }}{{- $secretName = (index $top.Values $service "auth" "existingSecret") }}{{- end -}} +- name: DATA_SOURCE_DB + valueFrom: + secretKeyRef: + key: database + name: {{ $secretName }} +- name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + key: password + name: {{ $secretName }} +- name: DATA_SOURCE_PORT + valueFrom: + secretKeyRef: + key: port + name: {{ $secretName }} +- name: DATA_SOURCE_USER + valueFrom: + secretKeyRef: + key: user + name: {{ $secretName }} +- name: DATA_SOURCE_URI + value: "localhost:$(DATA_SOURCE_PORT)/$(DATA_SOURCE_DB)?sslmode=disable" +{{- end }} + + +{{- define "sourcegraph.authChecksum" -}} +{{- $checksum := list .Values.codeInsightsDB.auth -}} +{{- $checksum = append $checksum .Values.codeIntelDB.auth -}} +{{- $checksum = append $checksum .Values.pgsql.auth -}} +checksum/auth: {{ toJson $checksum | sha256sum }} +{{- end -}} diff --git a/charts/sourcegraph/templates/_helpers/_image.tpl b/charts/sourcegraph/templates/_helpers/_image.tpl new file mode 100644 index 00000000..922979f9 --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_image.tpl 
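Review bot: `sourcegraph.authChecksum` at the end of `_database.tpl` emits an unsalted `sha256sum` over the raw `.Values.codeInsightsDB.auth`, `.Values.codeIntelDB.auth` and `.Values.pgsql.auth` maps as `checksum/auth`. If those maps hold the database password (the `password` key read by `sourcegraph.databaseAuth` suggests they do) and the helper is rendered into pod annotations, anyone who can read pod metadata but not the Secret still gets a digest that can be checked offline against candidate passwords. The move is a good moment to document that above the define, for example `{{/* checksum/auth is an unsalted SHA-256 over the auth values, so it is only as private as the password is strong */}}`. Separately, `$secretName` is declared twice with `:=` in both `sourcegraph.databaseAuth` and `sourcegraph.dataSource`; the second declaration should be an assignment, `{{- $secretName = printf "%s-auth" $secretName -}}`.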
@@ -0,0 +1,15 @@ +{{/* +Create the docker image reference and allow it to be overridden on a per-service basis +Default tags are toggled between a global and service-specific setting by the +useGlobalTagAsDefault configuration +*/}} +{{- define "sourcegraph.image" -}} +{{- $top := index . 0 }} +{{- $service := index . 1 }} +{{- $imageName := (index $top.Values $service "image" "name")}} +{{- $defaultTag := (index $top.Values $service "image" "defaultTag")}} +{{- $defaultTagPrefix := (index $top.Values $service "image" "defaultTagPrefix")}} +{{- if $top.Values.sourcegraph.image.useGlobalTagAsDefault }}{{ $defaultTag = (tpl $top.Values.sourcegraph.image.defaultTag $top) }}{{ end }} + +{{- $top.Values.sourcegraph.image.repository }}/{{ $imageName }}:{{ $defaultTagPrefix }}{{ default $defaultTag (index $top.Values $service "image" "tag") }} +{{- end }} diff --git a/charts/sourcegraph/templates/_helpers/_jaeger.tpl b/charts/sourcegraph/templates/_helpers/_jaeger.tpl new file mode 100644 index 00000000..47aed5a2 --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_jaeger.tpl @@ -0,0 +1,21 @@ +{{/* +Jaeger common labels +*/}} +{{- define "sourcegraph.jaeger.labels" -}} +helm.sh/chart: {{ include "sourcegraph.chart" . }} +{{ include "sourcegraph.jaeger.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.sourcegraph.labels }} +{{ toYaml .Values.sourcegraph.labels }} +{{- end }} +{{- end }} + +{{/* +Jaeger selector labels +*/}} +{{- define "sourcegraph.jaeger.selectorLabels" -}} +app.kubernetes.io/name: jaeger +{{- end }} diff --git a/charts/sourcegraph/templates/_helpers/_labels.tpl b/charts/sourcegraph/templates/_helpers/_labels.tpl new file mode 100644 index 00000000..2300d02f --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_labels.tpl 
@@ -0,0 +1,22 @@ +{{/* +Common labels +*/}} +{{- define "sourcegraph.labels" -}} +helm.sh/chart: {{ include "sourcegraph.chart" . }} +{{ include "sourcegraph.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.sourcegraph.labels }} +{{ toYaml .Values.sourcegraph.labels }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "sourcegraph.selectorLabels" -}} +app.kubernetes.io/name: {{ include "sourcegraph.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/sourcegraph/templates/_helpers/_opentelemetry.tpl b/charts/sourcegraph/templates/_helpers/_opentelemetry.tpl new file mode 100644 index 00000000..30067101 --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_opentelemetry.tpl @@ -0,0 +1,11 @@ +{{- define "sourcegraph.openTelemetryEnv" -}} +{{- if .Values.openTelemetry.enabled -}} +# OTEL_AGENT_HOST must be defined before OTEL_EXPORTER_OTLP_ENDPOINT to substitute the node IP on which the DaemonSet pod instance runs in the latter variable +- name: OTEL_AGENT_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP +- name: OTEL_EXPORTER_OTLP_ENDPOINT + value: http://$(OTEL_AGENT_HOST):{{ toYaml .Values.openTelemetry.agent.hostPorts.grpcOtlp }} +{{- end }} +{{- end }} diff --git a/charts/sourcegraph/templates/_helpers/_redis.tpl b/charts/sourcegraph/templates/_helpers/_redis.tpl new file mode 100644 index 00000000..fb9b59a1 --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_redis.tpl 
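Review bot: `OTEL_EXPORTER_OTLP_ENDPOINT` in `sourcegraph.openTelemetryEnv` is fixed to `http://` on the node's host IP, so every pod using this helper sends its telemetry to the node in plaintext, and the helper has no doc comment saying so; whether the spans carry sensitive data is not visible from here. I would add `{{/* Env vars pointing a service at the node-local OpenTelemetry agent over plaintext OTLP, on hostPort .Values.openTelemetry.agent.hostPorts.grpcOtlp */}}` above the define. The port is also rendered with `toYaml`, which is meant for structures; `{{ .Values.openTelemetry.agent.hostPorts.grpcOtlp }}` is enough for a scalar.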
@@ -0,0 +1,37 @@ +{{/* +Set redisCache and redisStore endpoints +So that customers can configure them any of these ways: +1. Create a new Kubernetes secret, with default values (default, no override config required) +2. Use an existing Kubernetes secret, by configuring .Values.redisCache.connection.existingSecret +3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true +4. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true, .Values.redisCache.connection.endpoint = "", .Values.redisStore.connection.endpoint = "", and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods +*/}} +{{- define "sourcegraph.redisConnection" -}} +{{- if .Values.sourcegraph.disableKubernetesSecrets -}} +{{- if .Values.redisCache.connection.endpoint -}} +- name: REDIS_CACHE_ENDPOINT + value: {{ .Values.redisCache.connection.endpoint }} +{{- end -}} +{{- if .Values.redisStore.connection.endpoint -}} +- name: REDIS_STORE_ENDPOINT + value: {{ .Values.redisStore.connection.endpoint }} +{{- end -}} +{{- else -}} +- name: REDIS_CACHE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: {{ default .Values.redisCache.name .Values.redisCache.connection.existingSecret }} +- name: REDIS_STORE_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: {{ default .Values.redisStore.name .Values.redisStore.connection.existingSecret }} +{{- end -}} +{{- end -}} + +{{- define "sourcegraph.redisChecksum" -}} +{{- $checksum := list .Values.redisStore.connection -}} +{{- $checksum := append $checksum .Values.redisCache.connection -}} +checksum/redis: {{ toJson $checksum | sha256sum }} +{{- end -}} 
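Review bot: The two `value:` lines in the `disableKubernetesSecrets` branch of `sourcegraph.redisConnection` render the endpoint unquoted, so an endpoint that YAML reads as a non-string, or that contains ` #` or `: `, is retyped or truncated before Kubernetes sees it; use `value: {{ .Values.redisCache.connection.endpoint | quote }}` and the same for `redisStore`. That branch also places the endpoint directly in the pod spec, so if an operator supplies a Redis URL that embeds a password, it is readable by anyone who can view the pod; options 3 and 4 in the doc comment should say so. In `sourcegraph.redisChecksum` the second `$checksum :=` redeclares the variable where `sourcegraph.authChecksum` uses `=`; `{{- $checksum = append $checksum .Values.redisCache.connection -}}` would match.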
diff --git a/charts/sourcegraph/templates/_helpers/_scheduling.tpl b/charts/sourcegraph/templates/_helpers/_scheduling.tpl new file mode 100644 index 00000000..b7354934 --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_scheduling.tpl @@ -0,0 +1,42 @@ +{{- define "sourcegraph.affinity" -}} +{{- $top := index . 0 }} +{{- $service := index . 1 }} +{{- $globalAffinity := (index $top.Values "sourcegraph" "affinity") }} +{{- $serviceAffinity := (index $top.Values $service "affinity") }} +affinity: +{{- if $serviceAffinity }} +{{- tpl ($serviceAffinity | toYaml) $top | trim | nindent 2 }} +{{- else if $globalAffinity }} +{{- tpl ($globalAffinity | toYaml) $top | trim | nindent 2 }} +{{- end }} +{{- end }} + + + +{{- define "sourcegraph.nodeSelector" -}} +{{- $top := index . 0 }} +{{- $service := index . 1 }} +{{- $globalNodeSelector := (index $top.Values "sourcegraph" "nodeSelector") }} +{{- $serviceNodeSelector := (index $top.Values $service "nodeSelector") }} +nodeSelector: +{{- if $serviceNodeSelector }} +{{- $serviceNodeSelector | toYaml | trim | nindent 2 }} +{{- else if $globalNodeSelector }} +{{- $globalNodeSelector | toYaml | trim | nindent 2 }} +{{- end }} +{{- end }} + + + +{{- define "sourcegraph.tolerations" -}} +{{- $top := index . 0 }} +{{- $service := index . 1 }} +{{- $globalTolerations := (index $top.Values "sourcegraph" "tolerations") }} +{{- $serviceTolerations := (index $top.Values $service "tolerations") }} +tolerations: +{{- if $serviceTolerations }} +{{- $serviceTolerations | toYaml | trim | nindent 2 }} +{{- else if $globalTolerations }} +{{- $globalTolerations | toYaml | trim | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/sourcegraph/templates/_helpers/_service-accounts.tpl b/charts/sourcegraph/templates/_helpers/_service-accounts.tpl new file mode 100644 index 00000000..3028f32f --- /dev/null +++ b/charts/sourcegraph/templates/_helpers/_service-accounts.tpl 
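Review bot: None of the three helpers in `_scheduling.tpl` has a doc comment, and the precedence they implement is easy to misread. A service-level value replaces the global `sourcegraph.affinity` / `sourcegraph.nodeSelector` / `sourcegraph.tolerations` value entirely rather than merging with it, and only `sourcegraph.affinity` passes its value through `tpl`. A comment above each define, such as `{{/* Call with (list . "<service>"); a service-level value, when set, replaces the global sourcegraph.* value (no merge) */}}`, would record that. Each helper also emits its key (`affinity:`, `nodeSelector:`, `tolerations:`) even when neither value is set, which renders as an explicit null; moving the key inside the `if` would avoid that, provided no caller relies on it.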
@@ -0,0 +1,54 @@ +{{/* +Create the name of the service account to use + +When calling these partial functions, + +For top-level services, pass in the top-level values: + +{{ include "sourcegraph.serviceAccountName" (list . "frontend") }} + +frontend: + serviceAccount: + create: false + +For nested services, pass in the nested values: + +{{ include "sourcegraph.serviceAccountName" (list .Values.openTelemetry "gateway") }} + +openTelemetry: + gateway: + serviceAccount: + create: false +*/}} +{{- define "sourcegraph.serviceAccountName" -}} +{{- $top := index . 0 }} +{{- if hasKey $top "Values" -}} +{{- $top = index $top "Values" -}} +{{- end -}} +{{- $service := index . 1 }} +{{- $defaultServiceAccountName := (index $top $service "name") }} +{{- default $defaultServiceAccountName (index $top $service "serviceAccount" "name") }} +{{- end -}} + +{{- define "sourcegraph.renderServiceAccountName" -}} +{{- $top := index . 0 }} +{{- if hasKey $top "Values" -}} +{{- $top = index $top "Values" -}} +{{- end -}} +{{- $service := index . 1 }} +{{- if or (index $top $service "serviceAccount" "create") (index $top $service "serviceAccount" "name") }} +serviceAccountName: {{ include "sourcegraph.serviceAccountName" (list $top $service) }} +{{- end -}} +{{- end -}} + +{{- define "sourcegraph.serviceAccountAnnotations" -}} +{{- $top := index . 0 }} +{{- if hasKey $top "Values" -}} +{{- $top = index $top "Values" -}} +{{- end -}} +{{- $service := index . 1 }} +{{- with (index $top $service "serviceAccount" "annotations") }} +annotations: +{{- . | toYaml | trim | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/sourcegraph/templates/NOTES.txt b/charts/sourcegraph/templates/other-resources/NOTES.txt similarity index 100% rename from charts/sourcegraph/templates/NOTES.txt rename to charts/sourcegraph/templates/other-resources/NOTES.txt 
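Review bot: `sourcegraph.renderServiceAccountName` renders nothing when `serviceAccount.create` is false and `serviceAccount.name` is empty, and Kubernetes then runs the pod under the namespace's `default` ServiceAccount; the long doc comment above `sourcegraph.serviceAccountName` does not mention this fallback. I would add a line to that comment, `If neither serviceAccount.create nor serviceAccount.name is set, no serviceAccountName is rendered and the pod uses the namespace's default ServiceAccount`, so operators who bind RBAC to `default` know which workloads inherit it. `sourcegraph.renderServiceAccountName` and `sourcegraph.serviceAccountAnnotations` have no doc comment of their own; one line each stating the `(list . "<service>")` call shape would be enough.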
diff --git a/charts/sourcegraph/templates/extraResources.yaml b/charts/sourcegraph/templates/other-resources/extraResources.yaml
similarity index 100%
rename from charts/sourcegraph/templates/extraResources.yaml
rename to charts/sourcegraph/templates/other-resources/extraResources.yaml
diff --git a/charts/sourcegraph/templates/priorityClass.yaml b/charts/sourcegraph/templates/other-resources/priorityClass.yaml
similarity index 100%
rename from charts/sourcegraph/templates/priorityClass.yaml
rename to charts/sourcegraph/templates/other-resources/priorityClass.yaml
diff --git a/charts/sourcegraph/templates/storageclass.yaml b/charts/sourcegraph/templates/other-resources/storageclass.yaml
similarity index 100%
rename from charts/sourcegraph/templates/storageclass.yaml
rename to charts/sourcegraph/templates/other-resources/storageclass.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml b/charts/sourcegraph/templates/redis-cache/redis-cache.Deployment.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-cache.Deployment.yaml
rename to charts/sourcegraph/templates/redis-cache/redis-cache.Deployment.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-cache.PersistentVolumeClaim.yaml b/charts/sourcegraph/templates/redis-cache/redis-cache.PersistentVolumeClaim.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-cache.PersistentVolumeClaim.yaml
rename to charts/sourcegraph/templates/redis-cache/redis-cache.PersistentVolumeClaim.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-cache.Secret.yaml b/charts/sourcegraph/templates/redis-cache/redis-cache.Secret.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-cache.Secret.yaml
rename to charts/sourcegraph/templates/redis-cache/redis-cache.Secret.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-cache.Service.yaml b/charts/sourcegraph/templates/redis-cache/redis-cache.Service.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-cache.Service.yaml
rename to charts/sourcegraph/templates/redis-cache/redis-cache.Service.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-cache.ServiceAccount.yaml b/charts/sourcegraph/templates/redis-cache/redis-cache.ServiceAccount.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-cache.ServiceAccount.yaml
rename to charts/sourcegraph/templates/redis-cache/redis-cache.ServiceAccount.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-store.Deployment.yaml b/charts/sourcegraph/templates/redis-store/redis-store.Deployment.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-store.Deployment.yaml
rename to charts/sourcegraph/templates/redis-store/redis-store.Deployment.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-store.PersistentVolumeClaim.yaml b/charts/sourcegraph/templates/redis-store/redis-store.PersistentVolumeClaim.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-store.PersistentVolumeClaim.yaml
rename to charts/sourcegraph/templates/redis-store/redis-store.PersistentVolumeClaim.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-store.Secret.yaml b/charts/sourcegraph/templates/redis-store/redis-store.Secret.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-store.Secret.yaml
rename to charts/sourcegraph/templates/redis-store/redis-store.Secret.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-store.Service.yaml b/charts/sourcegraph/templates/redis-store/redis-store.Service.yaml
similarity index 100%
rename from charts/sourcegraph/templates/redis/redis-store.Service.yaml
rename to charts/sourcegraph/templates/redis-store/redis-store.Service.yaml
diff --git a/charts/sourcegraph/templates/redis/redis-store.ServiceAccount.yaml b/charts/sourcegraph/templates/redis-store/redis-store.ServiceAccount.yaml similarity index 100% rename from charts/sourcegraph/templates/redis/redis-store.ServiceAccount.yaml rename to charts/sourcegraph/templates/redis-store/redis-store.ServiceAccount.yaml diff --git a/charts/sourcegraph/templates/tests/test-connection.yaml b/charts/sourcegraph/templates/test-connection/test-connection.yaml similarity index 100% rename from charts/sourcegraph/templates/tests/test-connection.yaml rename to charts/sourcegraph/templates/test-connection/test-connection.yaml diff --git a/charts/sourcegraph/templates/_worker.tpl b/charts/sourcegraph/templates/worker/_worker.tpl similarity index 100% rename from charts/sourcegraph/templates/_worker.tpl rename to charts/sourcegraph/templates/worker/_worker.tpl diff --git a/charts/sourcegraph/tests/cadvisorPrivileged_test.yaml b/charts/sourcegraph/tests/cadvisorPrivileged_test.yaml index 94b8c7fe..541609c8 100644 --- a/charts/sourcegraph/tests/cadvisorPrivileged_test.yaml +++ b/charts/sourcegraph/tests/cadvisorPrivileged_test.yaml @@ -1,6 +1,6 @@ suite: cadvisorPrivileged templates: - - NOTES.txt + - other-resources/NOTES.txt - cadvisor/cadvisor.DaemonSet.yaml tests: - it: should not have the warning text when cadvisor.containerSecurityContext.privileged=true @@ -11,7 +11,7 @@ tests: asserts: - notMatchRegexRaw: pattern: You have set 'cadvisor.containerSecurityContext.privileged' to 'false' - template: NOTES.txt + template: other-resources/NOTES.txt - it: should have the warning text when prometheus.privileged=false set: cadvisor: @@ -20,7 +20,7 @@ tests: asserts: - matchRegexRaw: pattern: You have set 'cadvisor.containerSecurityContext.privileged' to 'false' - template: NOTES.txt + template: other-resources/NOTES.txt - it: should render /dev/kmsg in volumes and volumeMounts when cadvisor.containerSecurityContext.privileged=true set: cadvisor: 
diff --git a/charts/sourcegraph/tests/nodeExporter_test.yaml b/charts/sourcegraph/tests/nodeExporter_test.yaml index 51f5a82d..fa97ec41 100644 --- a/charts/sourcegraph/tests/nodeExporter_test.yaml +++ b/charts/sourcegraph/tests/nodeExporter_test.yaml @@ -1,6 +1,6 @@ suite: nodeExporter templates: - - NOTES.txt + - other-resources/NOTES.txt - node-exporter/node-exporter.ClusterRole.yaml - node-exporter/node-exporter.ClusterRoleBinding.yaml - node-exporter/node-exporter.DaemonSet.yaml @@ -9,7 +9,7 @@ templates: - node-exporter/node-exporter.ServiceAccount.yaml tests: - it: should render the DaemonSet and Service if node-exporter is enabled - set: + set: nodeExporter: enabled: true asserts: @@ -25,11 +25,11 @@ tests: template: node-exporter/node-exporter.Service.yaml - it: should not render any resources if node-exporter is disabled - set: + set: nodeExporter: enabled: false asserts: - - hasDocuments: + - hasDocuments: count: 0 templates: - node-exporter/node-exporter.ClusterRole.yaml @@ -41,25 +41,25 @@ tests: - it: should not render the PodSecurityPolicy, Service Accounts, and ClusterRoles by default asserts: - - hasDocuments: + - hasDocuments: count: 0 template: node-exporter/node-exporter.PodSecurityPolicy.yaml - - hasDocuments: + - hasDocuments: count: 0 template: node-exporter/node-exporter.ClusterRole.yaml - - hasDocuments: + - hasDocuments: count: 0 template: node-exporter/node-exporter.ClusterRoleBinding.yaml - - hasDocuments: + - hasDocuments: count: 0 template: node-exporter/node-exporter.ServiceAccount.yaml - it: should render the PodSecurityPolicy, ServiceAccounts, and ClusterRoles if PodSecurityPolicy + Service Accounts are enabled - set: + set: nodeExporter: serviceAccount: create: true - podSecurityPolicy: + podSecurityPolicy: enabled: true asserts: - containsDocument: 
@@ -82,9 +82,9 @@ tests: apiVersion: rbac.authorization.k8s.io/v1 name: node-exporter template: node-exporter/node-exporter.ClusterRoleBinding.yaml - + - it: should add the ServiceAccount name to the DaemonSet spec if the ServiceAccount is enabled - set: + set: nodeExporter: serviceAccount: create: true @@ -94,9 +94,9 @@ tests: path: spec.template.spec.serviceAccountName value: "test-service-account-name" template: node-exporter/node-exporter.DaemonSet.yaml - + - it: should add not the ServiceAccount name to the DaemonSet spec if the ServiceAccount is disabled - set: + set: nodeExporter: serviceAccount: create: false @@ -105,30 +105,30 @@ tests: - notExists: path: spec.template.spec.serviceAccountName template: node-exporter/node-exporter.DaemonSet.yaml - + - it: should fail to render if the PodSecurityPolicy is enabled, but the ServiceAccount isn't - set: + set: nodeExporter: serviceAccount: create: false - podSecurityPolicy: + podSecurityPolicy: enabled: true asserts: - failedTemplate: errorMessage: "Node Exporter's service account must be enabled in order to use its pod security policy (set 'nodeExporter.ServiceAccount.create' to true)" template: node-exporter/node-exporter.PodSecurityPolicy.yaml - - it: should not render the podSecurityPolicy if disabled - set: + - it: should not render the podSecurityPolicy if disabled + set: nodeExporter: - podSecurityPolicy: + podSecurityPolicy: enabled: false asserts: - hasDocuments: count: 0 template: node-exporter/node-exporter.PodSecurityPolicy.yaml - - - it: should ensure that the namespace is properly propagated to the cluster role binding + + - it: should ensure that the namespace is properly propagated to the cluster role binding release: namespace: "my-test-namespace" set: 
@@ -151,16 +151,16 @@ tests: create: true podSecurityPolicy: enabled: true - asserts: - - equal: + asserts: + - equal: path: spec.template.spec.hostPID value: true template: node-exporter/node-exporter.DaemonSet.yaml - - equal: + - equal: path: spec.hostPID value: true template: node-exporter/node-exporter.PodSecurityPolicy.yaml - + - it: should propagate host PID settings to both the daemonset and podSecurityPolicy set: nodeExporter: @@ -170,12 +170,12 @@ tests: create: true podSecurityPolicy: enabled: true - asserts: - - equal: + asserts: + - equal: path: spec.template.spec.hostPID value: false template: node-exporter/node-exporter.DaemonSet.yaml - - equal: + - equal: path: spec.hostPID value: false template: node-exporter/node-exporter.PodSecurityPolicy.yaml @@ -184,34 +184,34 @@ tests: set: nodeExporter: enabled: true - asserts: + asserts: - notMatchRegexRaw: pattern: You have set 'nodeExporter.enabled' to 'false' - template: NOTES.txt - + template: other-resources/NOTES.txt + - it: should generate warnings if node-exporter is disabled set: nodeExporter: enabled: false - asserts: + asserts: - matchRegexRaw: pattern: You have set 'nodeExporter.enabled' to 'false' - template: NOTES.txt + template: other-resources/NOTES.txt - it: should not generate warnings if hostPID is true set: nodeExporter: hostPID: true - asserts: + asserts: - notMatchRegexRaw: pattern: You have set 'nodeExporter.hostPID' to 'false' - template: NOTES.txt + template: other-resources/NOTES.txt - - it: should generate warnings if hostPID is false + - it: should generate warnings if hostPID is false set: nodeExporter: hostPID: false - asserts: + asserts: - matchRegexRaw: pattern: You have set 'nodeExporter.hostPID' to 'false' - template: NOTES.txt + template: other-resources/NOTES.txt diff --git a/charts/sourcegraph/tests/priorityClass_test.yaml b/charts/sourcegraph/tests/priorityClass_test.yaml index 9b64600e..58d22bd3 100644 --- a/charts/sourcegraph/tests/priorityClass_test.yaml 
+++ b/charts/sourcegraph/tests/priorityClass_test.yaml @@ -4,7 +4,7 @@ release: namespace: sourcegraph tests: - it: should render single priority class - template: priorityClass.yaml + template: other-resources/priorityClass.yaml set: priorityClasses: - name: gitserver-class @@ -25,7 +25,7 @@ tests: path: description value: "gitserver priority class" - it: should render two priority classes - template: priorityClass.yaml + template: other-resources/priorityClass.yaml set: priorityClasses: - name: gitserver-class @@ -97,7 +97,7 @@ tests: path: spec.template.spec.priorityClassName value: searcher-class - it: set priority class on redisCache - template: redis/redis-cache.Deployment.yaml + template: redis-cache/redis-cache.Deployment.yaml set: redisCache: priorityClassName: redis-cache-class @@ -106,7 +106,7 @@ tests: path: spec.template.spec.priorityClassName value: redis-cache-class - it: set priority class on redisStore - template: redis/redis-store.Deployment.yaml + template: redis-store/redis-store.Deployment.yaml set: redisStore: priorityClassName: redis-store-class diff --git a/charts/sourcegraph/tests/prometheusPrivileged_test.yaml b/charts/sourcegraph/tests/prometheusPrivileged_test.yaml index f82e1d8a..7a84e52a 100644 --- a/charts/sourcegraph/tests/prometheusPrivileged_test.yaml +++ b/charts/sourcegraph/tests/prometheusPrivileged_test.yaml @@ -1,6 +1,6 @@ suite: prometheusPrivileged templates: - - NOTES.txt + - other-resources/NOTES.txt tests: - it: should not have the warning text when prometheus.privileged=true set: diff --git a/charts/sourcegraph/tests/storageClass_test.yaml b/charts/sourcegraph/tests/storageClass_test.yaml index 04758ecb..f3f06c34 100644 --- a/charts/sourcegraph/tests/storageClass_test.yaml +++ b/charts/sourcegraph/tests/storageClass_test.yaml 
@@ -1,6 +1,6 @@ suite: storageClass templates: -- storageclass.yaml +- other-resources/storageclass.yaml tests: - it: should have parameters rendered when storageClass.parameters.zones=us-central1-f set: