From 43680a0ecfdcc4ed6df404c01724079e7f656d21 Mon Sep 17 00:00:00 2001 
From: Cameron Hunter <56208139+chunter0@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:39:10 -0500 Subject: [PATCH] Add support for `extraVolumes/extraVolumeMounts` (#583) * Add support for `extraVolumes/extraVolumeMounts` * changelog --- Makefile | 19 +- changelog/v0.40.7/issue-582.yaml | 6 + codegen/cmd_test.go | 234 ++++++++++++++++++ .../chart/operator-deployment.yamltmpl | 16 +- .../chart-no-desc/templates/deployment.yaml | 6 + codegen/test/chart/all-volumes/Chart.yaml | 8 + .../chart/all-volumes/templates/_helpers.tpl | 54 ++++ .../all-volumes/templates/deployment.yaml | 160 ++++++++++++ .../chart/all-volumes/templates/rbac.yaml | 2 + codegen/test/chart/all-volumes/values.yaml | 18 ++ .../templates/deployment.yaml | 6 + .../test/chart/conditional-volumes/Chart.yaml | 8 + .../templates/_helpers.tpl | 54 ++++ .../templates/deployment.yaml | 155 ++++++++++++ .../conditional-volumes/templates/rbac.yaml | 2 + .../chart/conditional-volumes/values.yaml | 18 ++ codegen/test/chart/extra-volumes/Chart.yaml | 8 + .../extra-volumes/templates/_helpers.tpl | 54 ++++ .../extra-volumes/templates/deployment.yaml | 138 +++++++++++ .../chart/extra-volumes/templates/rbac.yaml | 2 + codegen/test/chart/extra-volumes/values.yaml | 18 ++ codegen/test/chart/static-volumes/Chart.yaml | 8 + .../static-volumes/templates/_helpers.tpl | 54 ++++ .../static-volumes/templates/deployment.yaml | 151 +++++++++++ .../chart/static-volumes/templates/rbac.yaml | 2 + codegen/test/chart/static-volumes/values.yaml | 18 ++ 26 files changed, 1212 insertions(+), 7 deletions(-) create mode 100644 changelog/v0.40.7/issue-582.yaml create mode 100644 codegen/test/chart/all-volumes/Chart.yaml create mode 100644 codegen/test/chart/all-volumes/templates/_helpers.tpl create mode 100644 codegen/test/chart/all-volumes/templates/deployment.yaml create mode 100644 codegen/test/chart/all-volumes/templates/rbac.yaml create mode 100644 codegen/test/chart/all-volumes/values.yaml create mode 100644 
codegen/test/chart/conditional-volumes/Chart.yaml create mode 100644 codegen/test/chart/conditional-volumes/templates/_helpers.tpl create mode 100644 codegen/test/chart/conditional-volumes/templates/deployment.yaml create mode 100644 codegen/test/chart/conditional-volumes/templates/rbac.yaml create mode 100644 codegen/test/chart/conditional-volumes/values.yaml create mode 100644 codegen/test/chart/extra-volumes/Chart.yaml create mode 100644 codegen/test/chart/extra-volumes/templates/_helpers.tpl create mode 100644 codegen/test/chart/extra-volumes/templates/deployment.yaml create mode 100644 codegen/test/chart/extra-volumes/templates/rbac.yaml create mode 100644 codegen/test/chart/extra-volumes/values.yaml create mode 100644 codegen/test/chart/static-volumes/Chart.yaml create mode 100644 codegen/test/chart/static-volumes/templates/_helpers.tpl create mode 100644 codegen/test/chart/static-volumes/templates/deployment.yaml create mode 100644 codegen/test/chart/static-volumes/templates/rbac.yaml create mode 100644 codegen/test/chart/static-volumes/values.yaml diff --git a/Makefile b/Makefile index 1dabe93a0..2e89e6be7 100644 --- a/Makefile +++ b/Makefile @@ -23,6 +23,7 @@ install-go-tools: mod-download go install github.com/golang/mock/mockgen@v1.4.4 go install github.com/onsi/ginkgo/v2/ginkgo@v2.9.5 go install golang.org/x/tools/cmd/goimports + go install sigs.k8s.io/kind/cmd/kind@v0.17.0 # proto compiler installation PROTOC_VERSION:=3.15.8 
@@ -74,18 +75,26 @@ generate-changelog: # set TEST_PKG to run a specific test package .PHONY: run-tests run-tests: - PATH=$(DEPSGOBIN):$$PATH ginkgo -r -failFast -trace -progress \ - -progress \ + PATH=$(DEPSGOBIN):$$PATH ginkgo -r --fail-fast -trace \ + --show-node-events \ -compilers=4 \ - -skipPackage=$(SKIP_PACKAGES) $(TEST_PKG) \ + $(GINKGO_FLAGS) \ + --skip-package=$(SKIP_PACKAGES) $(TEST_PKG) \ -failOnPending \ -randomizeAllSpecs \ -randomizeSuites \ -keepGoing $(DEPSGOBIN)/goimports -w . -run-test: - PATH=$(DEPSGOBIN):$$PATH ginkgo $(GINKGO_FLAGS) $(TEST_PKG) +test-clusters: + @kind create cluster --name skv2-test-master 2> /dev/null || true + @kind create cluster --name skv2-test-remote 2> /dev/null || true + +# CI workflow for running tests +run-all: REMOTE_CLUSTER_CONTEXT ?= kind-skv2-test-remote +run-all: test-clusters + @go test ./... + @goimports -w . #---------------------------------------------------------------------------------- # Third Party License Management diff --git a/changelog/v0.40.7/issue-582.yaml b/changelog/v0.40.7/issue-582.yaml new file mode 100644 index 000000000..cf49aac77 --- /dev/null +++ b/changelog/v0.40.7/issue-582.yaml @@ -0,0 +1,6 @@ +changelog: + - type: NEW_FEATURE + issueLink: https://github.com/solo-io/skv2/issues/582 + description: > + Support extraVolumes/extraVolumeMounts fields which can be passed in by the user from helm values. + skipCI: "false" diff --git a/codegen/cmd_test.go b/codegen/cmd_test.go index c9e398851..7102be41d 100644 --- a/codegen/cmd_test.go +++ b/codegen/cmd_test.go 
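Review bot: In the new `test-clusters` target, `2> /dev/null || true` hides every failure from `kind create cluster`, not only "cluster already exists", so `run-all` proceeds to `go test ./...` even when no kind cluster came up. In that case the tests would presumably run against whatever context the developer's kubeconfig currently selects, since only `REMOTE_CLUSTER_CONTEXT` is given a default here. Creating the cluster only when it is missing keeps real errors visible: `@kind get clusters | grep -qx skv2-test-master || kind create cluster --name skv2-test-master`, and the same for `skv2-test-remote`. `test-clusters` and `run-all` also lack a `.PHONY` declaration, and `run-all` calls `goimports` from PATH where `run-tests` uses `$(DEPSGOBIN)/goimports`.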
@@ -44,6 +44,240 @@ var _ = Describe("Cmd", func() { "encoding/protobuf/cue/cue.proto", } + { + type TestEntry struct { + name string + values any + staticVolumes []v1.Volume + conditionalVolumes []ConditionalVolume + staticVolumeMounts []v1.VolumeMount + conditionalVolumeMounts []ConditionalVolumeMount + } + + DescribeTable( + "extraVolume/extraVolumeMounts", + Ordered, func(entry TestEntry, expectedVolumes, expectedVolumeMounts int) { + cmd := &Command{ + Chart: &Chart{ + Data: Data{ + ApiVersion: "v1", + Description: "", + Name: "Painting Operator", + Version: "v0.0.1", + Home: "https://docs.solo.io/skv2/latest", + Sources: []string{ + "https://github.com/solo-io/skv2", + }, + }, + Operators: []Operator{{ + Name: "painter", + Deployment: Deployment{ + Container: Container{ + Image: Image{ + Tag: "v0.0.0", + Repository: "painter", + Registry: "quay.io/solo-io", + PullPolicy: "IfNotPresent", + }, + VolumeMounts: entry.staticVolumeMounts, + ConditionalVolumeMounts: entry.conditionalVolumeMounts, + }, + Volumes: entry.staticVolumes, + ConditionalVolumes: entry.conditionalVolumes, + }, + }}, + }, + ManifestRoot: fmt.Sprintf("codegen/test/chart/%s", entry.name), + } + Expect(cmd.Execute()).NotTo(HaveOccurred(), "failed to execute command") + + manifests := helmTemplate(fmt.Sprintf("./test/chart/%s", entry.name), entry.values) + + var ( + renderedDeployment *appsv1.Deployment + decoder = kubeyaml.NewYAMLOrJSONDecoder(bytes.NewBuffer(manifests), 4096) + ) + for { + var deployment appsv1.Deployment + if err := decoder.Decode(&deployment); errors.Is(err, io.EOF) { + break + } + + if deployment.GetName() == "painter" && deployment.Kind == "Deployment" { + renderedDeployment = &deployment + break + } + } + + Expect(renderedDeployment.Spec.Template.Spec.Volumes).To(HaveLen(expectedVolumes)) + + Expect(renderedDeployment.Spec.Template.Spec.Containers).To(HaveLen(1)) + + Expect(renderedDeployment.Spec.Template.Spec.Containers[0].VolumeMounts).To(HaveLen(expectedVolumes)) + }, 
+ Entry( + "empty with no volumes", + TestEntry{ + name: "extra-volumes", + values: map[string]any{ + "painter": map[string]any{ + "enabled": true, + "extraVolumes": []v1.Volume{{ + Name: "extra-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "extra-secret", + }, + }, + }}, + "extraVolumeMounts": []v1.VolumeMount{{ + Name: "extra-certs", + MountPath: "/etc/ssl/certs", + }}, + }, + }, + }, + 0, + 0, + ), + Entry( + "with static volumes", + TestEntry{ + name: "static-volumes", + values: map[string]any{ + "painter": map[string]any{ + "enabled": true, + "extraVolumes": []v1.Volume{{ + Name: "extra-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "extra-secret", + }, + }, + }}, + "extraVolumeMounts": []v1.VolumeMount{{ + Name: "extra-certs", + MountPath: "/etc/ssl/extra", + }}, + }, + }, + staticVolumes: []v1.Volume{{ + Name: "static-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "static-secret", + }, + }, + }}, + staticVolumeMounts: []v1.VolumeMount{{ + Name: "static-certs", + MountPath: "/var/run/secret/static", + }}, + }, + 2, + 2, + ), + Entry( + "with conditional volumes", + TestEntry{ + name: "conditional-volumes", + values: map[string]any{ + "painter": map[string]any{ + "enabled": true, + "extraVolumes": []v1.Volume{{ + Name: "extra-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "extra-secret", + }, + }, + }}, + "extraVolumeMounts": []v1.VolumeMount{{ + Name: "extra-certs", + MountPath: "/etc/ssl/extra", + }}, + }, + }, + conditionalVolumes: []ConditionalVolume{{ + Condition: ".Values.painter.enabled", + Volume: v1.Volume{ + Name: "conditional-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "conditional-secret", + }, + }, + }, + }}, + conditionalVolumeMounts: []ConditionalVolumeMount{{ + Condition: ".Values.painter.enabled", + VolumeMount: v1.VolumeMount{ + 
Name: "conditional-certs", + MountPath: "/var/run/secret/conditional", + }, + }}, + }, + 2, + 2, + ), + Entry( + "with all volumes", + TestEntry{ + name: "all-volumes", + values: map[string]any{ + "painter": map[string]any{ + "enabled": true, + "extraVolumes": []v1.Volume{{ + Name: "extra-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "extra-secret", + }, + }, + }}, + "extraVolumeMounts": []v1.VolumeMount{{ + Name: "extra-certs", + MountPath: "/etc/ssl/extra", + }}, + }, + }, + staticVolumes: []v1.Volume{{ + Name: "static-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "static-secret", + }, + }, + }}, + conditionalVolumes: []ConditionalVolume{{ + Condition: ".Values.painter.enabled", + Volume: v1.Volume{ + Name: "conditional-certs", + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: "conditional-secret", + }, + }, + }, + }}, + staticVolumeMounts: []v1.VolumeMount{{ + Name: "static-certs", + MountPath: "/var/run/secret/static", + }}, + conditionalVolumeMounts: []ConditionalVolumeMount{{ + Condition: ".Values.painter.enabled", + VolumeMount: v1.VolumeMount{ + Name: "conditional-certs", + MountPath: "/var/run/secret/conditional", + }, + }}, + }, + 3, + 3, + ), + ) + } + Describe("image pull secrets", Ordered, func() { BeforeAll(func() { cmd := &Command{ diff --git a/codegen/templates/chart/operator-deployment.yamltmpl b/codegen/templates/chart/operator-deployment.yamltmpl index 8dba0c273..a6d1aa26d 100644 --- a/codegen/templates/chart/operator-deployment.yamltmpl +++ b/codegen/templates/chart/operator-deployment.yamltmpl 
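Review bot: The last assertion in the table body checks `Containers[0].VolumeMounts` against `expectedVolumes`, so the `expectedVolumeMounts` parameter is never used and a difference between the volume and mount counts would go unnoticed; it should read `Expect(renderedDeployment.Spec.Template.Spec.Containers[0].VolumeMounts).To(HaveLen(expectedVolumeMounts))`. The decode loop breaks only on `io.EOF` and ignores every other error, and `renderedDeployment` is dereferenced without a nil check, so a chart that renders no `painter` Deployment ends in a nil-pointer panic instead of a failed expectation; `Expect(renderedDeployment).NotTo(BeNil())` before the length checks would make that failure readable. The first entry is named "empty with no volumes" yet passes `extraVolumes` and `extraVolumeMounts` and expects 0, which pins the behaviour that the extra values are dropped when the operator defines no volumes of its own; a comment stating whether that is intended would help.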
@@ -105,9 +105,15 @@ spec: [[- end ]] [[- if $volumes ]] volumes: -[[ toYaml $volumes | indent 6 ]] + [[- toYaml $volumes | nindent 6 ]] + {{- if [[ (opVar $operator) ]].extraVolumes }} + {{- tpl (toYaml [[ (opVar $operator) ]].extraVolumes) . | nindent 6 }} + {{- end }} [[- else if $conditionalVolumes ]] volumes: + {{- if [[ (opVar $operator) ]].extraVolumes }} + {{- tpl (toYaml [[ (opVar $operator) ]].extraVolumes) . | nindent 6 }} + {{- end }} [[- end ]] [[- range $v := $conditionalVolumes ]] {{- if [[ $v.Condition ]] }} @@ -178,9 +184,15 @@ spec: {{- end }} [[- if $container.VolumeMounts ]] volumeMounts: -[[ toYaml $container.VolumeMounts | indent 8 ]] + [[- toYaml $container.VolumeMounts | nindent 8 ]] + {{- if [[ (opVar $operator) ]].extraVolumeMounts }} + {{- tpl (toYaml [[ (opVar $operator) ]].extraVolumeMounts) . | nindent 8 }} + {{- end }} [[- else if $container.ConditionalVolumeMounts ]] volumeMounts: + {{- if [[ (opVar $operator) ]].extraVolumeMounts }} + {{- tpl (toYaml [[ (opVar $operator) ]].extraVolumeMounts) . | nindent 8 }} + {{- end }} [[- end ]] [[- range $v := $container.ConditionalVolumeMounts ]] {{- if [[ $v.Condition ]] }} diff --git a/codegen/test/chart-no-desc/templates/deployment.yaml b/codegen/test/chart-no-desc/templates/deployment.yaml index a31907c0f..55a4d45c3 100644 --- a/codegen/test/chart-no-desc/templates/deployment.yaml +++ b/codegen/test/chart-no-desc/templates/deployment.yaml @@ -42,6 +42,9 @@ spec: volumes: - emptyDir: {} name: paint + {{- if $.Values.painter.extraVolumes }} + {{- tpl (toYaml $.Values.painter.extraVolumes) . | nindent 6 }} + {{- end }} containers: {{- $painter := $.Values.painter }} {{- $painterImage := $painter.image }} @@ -116,6 +119,9 @@ spec: volumeMounts: - mountPath: /etc/paint name: paint + {{- if $.Values.painter.extraVolumeMounts }} + {{- tpl (toYaml $.Values.painter.extraVolumeMounts) . | nindent 8 }} + {{- end }} resources: {{- if $palette.resources }} {{ toYaml $palette.resources | indent 10}} 
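Review bot: `extraVolumes` is rendered only inside the `[[- if $volumes ]]` and `[[- else if $conditionalVolumes ]]` branches, so for an operator that defines neither, the user's `extraVolumes` value is silently ignored (the "extra-volumes" test entry expects 0 volumes for exactly this case). The `volumeMounts` hunk at `@@ -178,9 +184,15 @@` gates `extraVolumeMounts` on `$container.VolumeMounts` / `$container.ConditionalVolumeMounts` independently of the pod-level check, so it looks possible for a mount to be rendered without its volume, which Kubernetes validation rejects. Consider a final `[[- else ]]` branch that emits `volumes:` under `{{- if [[ (opVar $operator) ]].extraVolumes }}`, with the matching branch for `volumeMounts:`, so both keys are honoured regardless of what the operator declares.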
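Review bot: Both new values are passed through `tpl`, so any `{{ ... }}` inside `extraVolumes` / `extraVolumeMounts` is evaluated against the chart's root context, and nothing in the template says so; the generated `values.yaml` fixtures added by this commit do not list either key. That matters where values are assembled from inputs less trusted than the chart installer, and it also means the chart accepts any volume source, `hostPath` included, next to a container that otherwise defaults to `readOnlyRootFilesystem: true`. I would add a template comment above each block, e.g. `{{- /* extraVolumeMounts: user-supplied; rendered with tpl, so template expressions in the value are evaluated. */}}`, and document both keys in the generated values.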
diff --git a/codegen/test/chart/all-volumes/Chart.yaml b/codegen/test/chart/all-volumes/Chart.yaml new file mode 100644 index 000000000..01037b07a --- /dev/null +++ b/codegen/test/chart/all-volumes/Chart.yaml @@ -0,0 +1,8 @@ +# Code generated by skv2. DO NOT EDIT. + +apiVersion: v1 +home: https://docs.solo.io/skv2/latest +name: Painting Operator +sources: +- https://github.com/solo-io/skv2 +version: v0.0.1 diff --git a/codegen/test/chart/all-volumes/templates/_helpers.tpl b/codegen/test/chart/all-volumes/templates/_helpers.tpl new file mode 100644 index 000000000..0c155a127 --- /dev/null +++ b/codegen/test/chart/all-volumes/templates/_helpers.tpl 
@@ -0,0 +1,54 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{/* Below are library functions provided by skv2 */}} + +{{- /* + +"skv2.utils.merge" takes an array of three values: +- the top context +- the yaml block that will be merged in (override) +- the name of the base template (source) + +note: the source must be a named template (helm partial). This is necessary for the merging logic. + +The behaviour is as follows, to align with already existing helm behaviour: +- If no source is found (template is empty), the merged output will be empty +- If no overrides are specified, the source is rendered as is +- If overrides are specified and source is not empty, overrides will be merged in to the source. + +Overrides can replace / add to deeply nested dictionaries, but will completely replace lists. +Examples: + +┌─────────────────────┬───────────────────────┬────────────────────────┐ +│ Source (template) │ Overrides │ Result │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ metadata: │ metadata: │ metadata: │ +│ labels: │ labels: │ labels: │ +│ app: gloo │ app: gloo1 │ app: gloo1 │ +│ cluster: useast │ author: infra-team │ author: infra-team │ +│ │ │ cluster: useast │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ lists: │ lists: │ lists: │ +│ groceries: │ groceries: │ groceries: │ +│ - apple │ - grapes │ - grapes │ +│ - banana │ │ │ +└─────────────────────┴───────────────────────┴────────────────────────┘ + +skv2.utils.merge is a fork of a helm library chart function (https://github.com/helm/charts/blob/master/incubator/common/templates/_util.tpl). +This includes some optimizations to speed up chart rendering time, and merges in a value (overrides) with a named template, unlike the upstream +version, which merges two named templates. + +*/ -}} +{{- define "skv2.utils.merge" -}} +{{- $top := first . -}} +{{- $overrides := (index . 1) -}} +{{- $tpl := fromYaml (include (index . 
2) $top) -}} +{{- if or (empty $overrides) (empty $tpl) -}} +{{ include (index . 2) $top }} {{/* render source as is */}} +{{- else -}} +{{- $merged := merge $overrides $tpl -}} +{{- toYaml $merged -}} {{/* render source with overrides as YAML */}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/codegen/test/chart/all-volumes/templates/deployment.yaml b/codegen/test/chart/all-volumes/templates/deployment.yaml new file mode 100644 index 000000000..4b48961cd --- /dev/null +++ b/codegen/test/chart/all-volumes/templates/deployment.yaml 
@@ -0,0 +1,160 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{- $painter := $.Values.painter }} +--- + +{{- define "painter.deploymentSpec" }} +# Deployment manifest for painter + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +spec: + selector: + matchLabels: + app: painter + template: + metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + spec: + serviceAccountName: painter + {{- /* Override the default podSecurityContext config if it is set. */}} +{{- if or ($.Values.painter.podSecurityContext) (eq "map[]" (printf "%v" $.Values.painter.podSecurityContext)) }} + securityContext: +{{ toYaml $.Values.painter.podSecurityContext | indent 8 }} +{{- end }} + volumes: + - name: static-certs + secret: + secretName: static-secret + {{- if $.Values.painter.extraVolumes }} + {{- tpl (toYaml $.Values.painter.extraVolumes) . | nindent 6 }} + {{- end }} +{{- if .Values.painter.enabled }} + - name: conditional-certs + secret: + secretName: conditional-secret +{{- end }} + containers: +{{- $painter := $.Values.painter }} +{{- $painterImage := $painter.image }} + - name: painter + image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} + imagePullPolicy: {{ $painterImage.pullPolicy }} + {{- if or $painter.env $painter.extraEnvs }} + env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} +{{- end }} +{{- range $name, $item := $painter.extraEnvs }} + - name: {{ $name }} + {{- $item | toYaml | nindent 12 }} +{{- end }} + volumeMounts: + - mountPath: /var/run/secret/static + name: static-certs + {{- if $.Values.painter.extraVolumeMounts }} + {{- tpl (toYaml $.Values.painter.extraVolumeMounts) . 
| nindent 8 }} + {{- end }} +{{- if .Values.painter.enabled }} + - mountPath: /var/run/secret/conditional + name: conditional-certs +{{- end }} + resources: +{{- if $painter.resources }} +{{ toYaml $painter.resources | indent 10}} +{{- else}} + requests: + cpu: 500m + memory: 256Mi +{{- end }} + {{- /* + Render securityContext configs if it is set. + If securityContext is not set, render the default securityContext. + If securityContext is set to 'false', render an empty map. + */}} + securityContext: +{{- if or ($painter.securityContext) (eq "map[]" (printf "%v" $painter.securityContext)) }} +{{ toYaml $painter.securityContext | indent 10}} +{{/* Because securityContext is nil by default we can only perform following conversion if it is a boolean. Skip conditional otherwise. */}} +{{- else if eq (ternary $painter.securityContext true (eq "bool" (printf "%T" $painter.securityContext))) false }} + {} +{{- else}} + runAsNonRoot: true + {{- if not $painter.floatingUserId }} + runAsUser: {{ printf "%.0f" (float64 $painter.runAsUser) }} + {{- end }} + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +{{- end }} +{{- $pullSecrets := (list) -}} +{{- if $painterImage.pullSecret }} + {{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}} +{{- end }} +{{- if $painter.imagePullSecrets }} + {{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}} +{{- end }} +{{- if gt (len $pullSecrets) 0 -}} + {{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }} +{{- end }} +{{- end }} {{/* define "painter.deploymentSpec" */}} + +{{/* Render painter deployment template with overrides from values*/}} +{{ if $painter.enabled }} +{{- $painterDeploymentOverrides := dict }} +{{- if $painter.deploymentOverrides }} +{{- $painterDeploymentOverrides = $painter.deploymentOverrides }} +{{- end }} +--- +{{ include "skv2.utils.merge" (list . 
$painterDeploymentOverrides "painter.deploymentSpec") }} +{{- end }} +--- +{{ if $painter.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: painter + {{- if $painter.serviceAccount}} + {{- if $painter.serviceAccount.extraAnnotations }} + annotations: + {{- range $key, $value := $painter.serviceAccount.extraAnnotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + {{- end}} + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +{{- end }} + + +{{- define "painter.serviceSpec"}} + +{{- end }} {{/* define "painter.serviceSpec" */}} +{{ if $painter.enabled }} +{{/* Render painter service template with overrides from values*/}} +{{- $painterServiceOverrides := dict }} +{{- if $painter.serviceOverrides }} +{{- $painterServiceOverrides = $painter.serviceOverrides }} +{{- end }} + +--- + +{{ include "skv2.utils.merge" (list . $painterServiceOverrides "painter.serviceSpec") }} +{{- end }} + diff --git a/codegen/test/chart/all-volumes/templates/rbac.yaml b/codegen/test/chart/all-volumes/templates/rbac.yaml new file mode 100644 index 000000000..feb93b669 --- /dev/null +++ b/codegen/test/chart/all-volumes/templates/rbac.yaml @@ -0,0 +1,2 @@ +# Code generated by skv2. DO NOT EDIT. + diff --git a/codegen/test/chart/all-volumes/values.yaml b/codegen/test/chart/all-volumes/values.yaml new file mode 100644 index 000000000..3796fee5e --- /dev/null +++ b/codegen/test/chart/all-volumes/values.yaml @@ -0,0 +1,18 @@ +# Code generated by skv2. DO NOT EDIT. + +painter: + deploymentOverrides: null + env: null + extraEnvs: {} + floatingUserId: false + image: + pullPolicy: IfNotPresent + registry: quay.io/solo-io + repository: painter + tag: v0.0.0 + ports: {} + runAsUser: 10101 + serviceOverrides: null + serviceType: "" + sidecars: {} + diff --git a/codegen/test/chart/conditional-sidecar/templates/deployment.yaml b/codegen/test/chart/conditional-sidecar/templates/deployment.yaml index 55258ab47..79080f47b 100644 
--- a/codegen/test/chart/conditional-sidecar/templates/deployment.yaml +++ b/codegen/test/chart/conditional-sidecar/templates/deployment.yaml @@ -38,6 +38,9 @@ spec: - name: license-keys secret: secretName: license-keys + {{- if $.Values.glooMgmtServer.extraVolumes }} + {{- tpl (toYaml $.Values.glooMgmtServer.extraVolumes) . | nindent 6 }} + {{- end }} {{ if and ($.Values.glooAgent.enabled) ($.Values.glooAgent.runAsSidecar) }} - name: agent-volume secret: @@ -77,6 +80,9 @@ spec: - mountPath: /etc/gloo-mesh/license-keys name: license-keys readOnly: true + {{- if $.Values.glooMgmtServer.extraVolumeMounts }} + {{- tpl (toYaml $.Values.glooMgmtServer.extraVolumeMounts) . | nindent 8 }} + {{- end }} resources: {{- if $glooMgmtServer.resources }} {{ toYaml $glooMgmtServer.resources | indent 10}} diff --git a/codegen/test/chart/conditional-volumes/Chart.yaml b/codegen/test/chart/conditional-volumes/Chart.yaml new file mode 100644 index 000000000..01037b07a --- /dev/null +++ b/codegen/test/chart/conditional-volumes/Chart.yaml @@ -0,0 +1,8 @@ +# Code generated by skv2. DO NOT EDIT. + +apiVersion: v1 +home: https://docs.solo.io/skv2/latest +name: Painting Operator +sources: +- https://github.com/solo-io/skv2 +version: v0.0.1 diff --git a/codegen/test/chart/conditional-volumes/templates/_helpers.tpl b/codegen/test/chart/conditional-volumes/templates/_helpers.tpl new file mode 100644 index 000000000..0c155a127 --- /dev/null +++ b/codegen/test/chart/conditional-volumes/templates/_helpers.tpl 
@@ -0,0 +1,54 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{/* Below are library functions provided by skv2 */}} + +{{- /* + +"skv2.utils.merge" takes an array of three values: +- the top context +- the yaml block that will be merged in (override) +- the name of the base template (source) + +note: the source must be a named template (helm partial). This is necessary for the merging logic. + +The behaviour is as follows, to align with already existing helm behaviour: +- If no source is found (template is empty), the merged output will be empty +- If no overrides are specified, the source is rendered as is +- If overrides are specified and source is not empty, overrides will be merged in to the source. + +Overrides can replace / add to deeply nested dictionaries, but will completely replace lists. +Examples: + +┌─────────────────────┬───────────────────────┬────────────────────────┐ +│ Source (template) │ Overrides │ Result │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ metadata: │ metadata: │ metadata: │ +│ labels: │ labels: │ labels: │ +│ app: gloo │ app: gloo1 │ app: gloo1 │ +│ cluster: useast │ author: infra-team │ author: infra-team │ +│ │ │ cluster: useast │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ lists: │ lists: │ lists: │ +│ groceries: │ groceries: │ groceries: │ +│ - apple │ - grapes │ - grapes │ +│ - banana │ │ │ +└─────────────────────┴───────────────────────┴────────────────────────┘ + +skv2.utils.merge is a fork of a helm library chart function (https://github.com/helm/charts/blob/master/incubator/common/templates/_util.tpl). +This includes some optimizations to speed up chart rendering time, and merges in a value (overrides) with a named template, unlike the upstream +version, which merges two named templates. + +*/ -}} +{{- define "skv2.utils.merge" -}} +{{- $top := first . -}} +{{- $overrides := (index . 1) -}} +{{- $tpl := fromYaml (include (index . 
2) $top) -}} +{{- if or (empty $overrides) (empty $tpl) -}} +{{ include (index . 2) $top }} {{/* render source as is */}} +{{- else -}} +{{- $merged := merge $overrides $tpl -}} +{{- toYaml $merged -}} {{/* render source with overrides as YAML */}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/codegen/test/chart/conditional-volumes/templates/deployment.yaml b/codegen/test/chart/conditional-volumes/templates/deployment.yaml new file mode 100644 index 000000000..cc86026a9 --- /dev/null +++ b/codegen/test/chart/conditional-volumes/templates/deployment.yaml 
@@ -0,0 +1,155 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{- $painter := $.Values.painter }} +--- + +{{- define "painter.deploymentSpec" }} +# Deployment manifest for painter + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +spec: + selector: + matchLabels: + app: painter + template: + metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + spec: + serviceAccountName: painter + {{- /* Override the default podSecurityContext config if it is set. */}} +{{- if or ($.Values.painter.podSecurityContext) (eq "map[]" (printf "%v" $.Values.painter.podSecurityContext)) }} + securityContext: +{{ toYaml $.Values.painter.podSecurityContext | indent 8 }} +{{- end }} + volumes: + {{- if $.Values.painter.extraVolumes }} + {{- tpl (toYaml $.Values.painter.extraVolumes) . | nindent 6 }} + {{- end }} +{{- if .Values.painter.enabled }} + - name: conditional-certs + secret: + secretName: conditional-secret +{{- end }} + containers: +{{- $painter := $.Values.painter }} +{{- $painterImage := $painter.image }} + - name: painter + image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} + imagePullPolicy: {{ $painterImage.pullPolicy }} + {{- if or $painter.env $painter.extraEnvs }} + env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} +{{- end }} +{{- range $name, $item := $painter.extraEnvs }} + - name: {{ $name }} + {{- $item | toYaml | nindent 12 }} +{{- end }} + volumeMounts: + {{- if $.Values.painter.extraVolumeMounts }} + {{- tpl (toYaml $.Values.painter.extraVolumeMounts) . 
| nindent 8 }} + {{- end }} +{{- if .Values.painter.enabled }} + - mountPath: /var/run/secret/conditional + name: conditional-certs +{{- end }} + resources: +{{- if $painter.resources }} +{{ toYaml $painter.resources | indent 10}} +{{- else}} + requests: + cpu: 500m + memory: 256Mi +{{- end }} + {{- /* + Render securityContext configs if it is set. + If securityContext is not set, render the default securityContext. + If securityContext is set to 'false', render an empty map. + */}} + securityContext: +{{- if or ($painter.securityContext) (eq "map[]" (printf "%v" $painter.securityContext)) }} +{{ toYaml $painter.securityContext | indent 10}} +{{/* Because securityContext is nil by default we can only perform following conversion if it is a boolean. Skip conditional otherwise. */}} +{{- else if eq (ternary $painter.securityContext true (eq "bool" (printf "%T" $painter.securityContext))) false }} + {} +{{- else}} + runAsNonRoot: true + {{- if not $painter.floatingUserId }} + runAsUser: {{ printf "%.0f" (float64 $painter.runAsUser) }} + {{- end }} + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +{{- end }} +{{- $pullSecrets := (list) -}} +{{- if $painterImage.pullSecret }} + {{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}} +{{- end }} +{{- if $painter.imagePullSecrets }} + {{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}} +{{- end }} +{{- if gt (len $pullSecrets) 0 -}} + {{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }} +{{- end }} +{{- end }} {{/* define "painter.deploymentSpec" */}} + +{{/* Render painter deployment template with overrides from values*/}} +{{ if $painter.enabled }} +{{- $painterDeploymentOverrides := dict }} +{{- if $painter.deploymentOverrides }} +{{- $painterDeploymentOverrides = $painter.deploymentOverrides }} +{{- end }} +--- +{{ include "skv2.utils.merge" (list . 
$painterDeploymentOverrides "painter.deploymentSpec") }} +{{- end }} +--- +{{ if $painter.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: painter + {{- if $painter.serviceAccount}} + {{- if $painter.serviceAccount.extraAnnotations }} + annotations: + {{- range $key, $value := $painter.serviceAccount.extraAnnotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + {{- end}} + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +{{- end }} + + +{{- define "painter.serviceSpec"}} + +{{- end }} {{/* define "painter.serviceSpec" */}} +{{ if $painter.enabled }} +{{/* Render painter service template with overrides from values*/}} +{{- $painterServiceOverrides := dict }} +{{- if $painter.serviceOverrides }} +{{- $painterServiceOverrides = $painter.serviceOverrides }} +{{- end }} + +--- + +{{ include "skv2.utils.merge" (list . $painterServiceOverrides "painter.serviceSpec") }} +{{- end }} + diff --git a/codegen/test/chart/conditional-volumes/templates/rbac.yaml b/codegen/test/chart/conditional-volumes/templates/rbac.yaml new file mode 100644 index 000000000..feb93b669 --- /dev/null +++ b/codegen/test/chart/conditional-volumes/templates/rbac.yaml @@ -0,0 +1,2 @@ +# Code generated by skv2. DO NOT EDIT. + diff --git a/codegen/test/chart/conditional-volumes/values.yaml b/codegen/test/chart/conditional-volumes/values.yaml new file mode 100644 index 000000000..3796fee5e --- /dev/null +++ b/codegen/test/chart/conditional-volumes/values.yaml @@ -0,0 +1,18 @@ +# Code generated by skv2. DO NOT EDIT. + +painter: + deploymentOverrides: null + env: null + extraEnvs: {} + floatingUserId: false + image: + pullPolicy: IfNotPresent + registry: quay.io/solo-io + repository: painter + tag: v0.0.0 + ports: {} + runAsUser: 10101 + serviceOverrides: null + serviceType: "" + sidecars: {} + 
diff --git a/codegen/test/chart/extra-volumes/Chart.yaml b/codegen/test/chart/extra-volumes/Chart.yaml new file mode 100644 index 000000000..01037b07a --- /dev/null +++ b/codegen/test/chart/extra-volumes/Chart.yaml @@ -0,0 +1,8 @@ +# Code generated by skv2. DO NOT EDIT. + +apiVersion: v1 +home: https://docs.solo.io/skv2/latest +name: Painting Operator +sources: +- https://github.com/solo-io/skv2 +version: v0.0.1 diff --git a/codegen/test/chart/extra-volumes/templates/_helpers.tpl b/codegen/test/chart/extra-volumes/templates/_helpers.tpl new file mode 100644 index 000000000..0c155a127 --- /dev/null +++ b/codegen/test/chart/extra-volumes/templates/_helpers.tpl 
@@ -0,0 +1,54 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{/* Below are library functions provided by skv2 */}} + +{{- /* + +"skv2.utils.merge" takes an array of three values: +- the top context +- the yaml block that will be merged in (override) +- the name of the base template (source) + +note: the source must be a named template (helm partial). This is necessary for the merging logic. + +The behaviour is as follows, to align with already existing helm behaviour: +- If no source is found (template is empty), the merged output will be empty +- If no overrides are specified, the source is rendered as is +- If overrides are specified and source is not empty, overrides will be merged in to the source. + +Overrides can replace / add to deeply nested dictionaries, but will completely replace lists. +Examples: + +┌─────────────────────┬───────────────────────┬────────────────────────┐ +│ Source (template) │ Overrides │ Result │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ metadata: │ metadata: │ metadata: │ +│ labels: │ labels: │ labels: │ +│ app: gloo │ app: gloo1 │ app: gloo1 │ +│ cluster: useast │ author: infra-team │ author: infra-team │ +│ │ │ cluster: useast │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ lists: │ lists: │ lists: │ +│ groceries: │ groceries: │ groceries: │ +│ - apple │ - grapes │ - grapes │ +│ - banana │ │ │ +└─────────────────────┴───────────────────────┴────────────────────────┘ + +skv2.utils.merge is a fork of a helm library chart function (https://github.com/helm/charts/blob/master/incubator/common/templates/_util.tpl). +This includes some optimizations to speed up chart rendering time, and merges in a value (overrides) with a named template, unlike the upstream +version, which merges two named templates. + +*/ -}} +{{- define "skv2.utils.merge" -}} +{{- $top := first . -}} +{{- $overrides := (index . 1) -}} +{{- $tpl := fromYaml (include (index . 
2) $top) -}} +{{- if or (empty $overrides) (empty $tpl) -}} +{{ include (index . 2) $top }} {{/* render source as is */}} +{{- else -}} +{{- $merged := merge $overrides $tpl -}} +{{- toYaml $merged -}} {{/* render source with overrides as YAML */}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/codegen/test/chart/extra-volumes/templates/deployment.yaml b/codegen/test/chart/extra-volumes/templates/deployment.yaml new file mode 100644 index 000000000..4fce3a6ba --- /dev/null +++ b/codegen/test/chart/extra-volumes/templates/deployment.yaml 
@@ -0,0 +1,138 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{- $painter := $.Values.painter }} +--- + +{{- define "painter.deploymentSpec" }} +# Deployment manifest for painter + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +spec: + selector: + matchLabels: + app: painter + template: + metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + spec: + serviceAccountName: painter + {{- /* Override the default podSecurityContext config if it is set. */}} +{{- if or ($.Values.painter.podSecurityContext) (eq "map[]" (printf "%v" $.Values.painter.podSecurityContext)) }} + securityContext: +{{ toYaml $.Values.painter.podSecurityContext | indent 8 }} +{{- end }} + containers: +{{- $painter := $.Values.painter }} +{{- $painterImage := $painter.image }} + - name: painter + image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} + imagePullPolicy: {{ $painterImage.pullPolicy }} + {{- if or $painter.env $painter.extraEnvs }} + env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} +{{- end }} +{{- range $name, $item := $painter.extraEnvs }} + - name: {{ $name }} + {{- $item | toYaml | nindent 12 }} +{{- end }} + resources: +{{- if $painter.resources }} +{{ toYaml $painter.resources | indent 10}} +{{- else}} + requests: + cpu: 500m + memory: 256Mi +{{- end }} + {{- /* + Render securityContext configs if it is set. + If securityContext is not set, render the default securityContext. + If securityContext is set to 'false', render an empty map. + */}} + securityContext: +{{- if or ($painter.securityContext) (eq "map[]" (printf "%v" $painter.securityContext)) }} +{{ toYaml $painter.securityContext | indent 10}} +{{/* Because securityContext is nil by default we can only perform following conversion if it is a boolean. 
Skip conditional otherwise. */}} +{{- else if eq (ternary $painter.securityContext true (eq "bool" (printf "%T" $painter.securityContext))) false }} + {} +{{- else}} + runAsNonRoot: true + {{- if not $painter.floatingUserId }} + runAsUser: {{ printf "%.0f" (float64 $painter.runAsUser) }} + {{- end }} + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +{{- end }} +{{- $pullSecrets := (list) -}} +{{- if $painterImage.pullSecret }} + {{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}} +{{- end }} +{{- if $painter.imagePullSecrets }} + {{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}} +{{- end }} +{{- if gt (len $pullSecrets) 0 -}} + {{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }} +{{- end }} +{{- end }} {{/* define "painter.deploymentSpec" */}} + +{{/* Render painter deployment template with overrides from values*/}} +{{ if $painter.enabled }} +{{- $painterDeploymentOverrides := dict }} +{{- if $painter.deploymentOverrides }} +{{- $painterDeploymentOverrides = $painter.deploymentOverrides }} +{{- end }} +--- +{{ include "skv2.utils.merge" (list . 
$painterDeploymentOverrides "painter.deploymentSpec") }} +{{- end }} +--- +{{ if $painter.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: painter + {{- if $painter.serviceAccount}} + {{- if $painter.serviceAccount.extraAnnotations }} + annotations: + {{- range $key, $value := $painter.serviceAccount.extraAnnotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + {{- end}} + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +{{- end }} + + +{{- define "painter.serviceSpec"}} + +{{- end }} {{/* define "painter.serviceSpec" */}} +{{ if $painter.enabled }} +{{/* Render painter service template with overrides from values*/}} +{{- $painterServiceOverrides := dict }} +{{- if $painter.serviceOverrides }} +{{- $painterServiceOverrides = $painter.serviceOverrides }} +{{- end }} + +--- + +{{ include "skv2.utils.merge" (list . $painterServiceOverrides "painter.serviceSpec") }} +{{- end }} + diff --git a/codegen/test/chart/extra-volumes/templates/rbac.yaml b/codegen/test/chart/extra-volumes/templates/rbac.yaml new file mode 100644 index 000000000..feb93b669 --- /dev/null +++ b/codegen/test/chart/extra-volumes/templates/rbac.yaml @@ -0,0 +1,2 @@ +# Code generated by skv2. DO NOT EDIT. + diff --git a/codegen/test/chart/extra-volumes/values.yaml b/codegen/test/chart/extra-volumes/values.yaml new file mode 100644 index 000000000..3796fee5e --- /dev/null +++ b/codegen/test/chart/extra-volumes/values.yaml @@ -0,0 +1,18 @@ +# Code generated by skv2. DO NOT EDIT. + +painter: + deploymentOverrides: null + env: null + extraEnvs: {} + floatingUserId: false + image: + pullPolicy: IfNotPresent + registry: quay.io/solo-io + repository: painter + tag: v0.0.0 + ports: {} + runAsUser: 10101 + serviceOverrides: null + serviceType: "" + sidecars: {} + diff --git a/codegen/test/chart/static-volumes/Chart.yaml b/codegen/test/chart/static-volumes/Chart.yaml new file mode 100644 index 000000000..01037b07a --- /dev/null 
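Review bot: The `extra-volumes` golden `templates/deployment.yaml` renders no `volumes:` or `volumeMounts:` key and never references `$.Values.painter.extraVolumes` or `$.Values.painter.extraVolumeMounts`; the pod spec goes straight from the pod `securityContext` to `containers:`, and from the env entries to `resources:`. If this fixture stands for an operator that declares no static or conditional volumes, anything a user sets under those two values keys appears to be dropped silently, for example a CA bundle or certificate mount that the workload then starts without. The guard should then cover the key itself, so that `volumes:` and `volumeMounts:` are emitted whenever the corresponding extra value is set, not only when a static entry exists. The file is generated, so the change belongs in `operator-deployment.yamltmpl`, and this golden file would be regenerated from it.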
+++ b/codegen/test/chart/static-volumes/Chart.yaml @@ -0,0 +1,8 @@ +# Code generated by skv2. DO NOT EDIT. + +apiVersion: v1 +home: https://docs.solo.io/skv2/latest +name: Painting Operator +sources: +- https://github.com/solo-io/skv2 +version: v0.0.1 diff --git a/codegen/test/chart/static-volumes/templates/_helpers.tpl b/codegen/test/chart/static-volumes/templates/_helpers.tpl new file mode 100644 index 000000000..0c155a127 --- /dev/null +++ b/codegen/test/chart/static-volumes/templates/_helpers.tpl 
@@ -0,0 +1,54 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{/* Below are library functions provided by skv2 */}} + +{{- /* + +"skv2.utils.merge" takes an array of three values: +- the top context +- the yaml block that will be merged in (override) +- the name of the base template (source) + +note: the source must be a named template (helm partial). This is necessary for the merging logic. + +The behaviour is as follows, to align with already existing helm behaviour: +- If no source is found (template is empty), the merged output will be empty +- If no overrides are specified, the source is rendered as is +- If overrides are specified and source is not empty, overrides will be merged in to the source. + +Overrides can replace / add to deeply nested dictionaries, but will completely replace lists. +Examples: + +┌─────────────────────┬───────────────────────┬────────────────────────┐ +│ Source (template) │ Overrides │ Result │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ metadata: │ metadata: │ metadata: │ +│ labels: │ labels: │ labels: │ +│ app: gloo │ app: gloo1 │ app: gloo1 │ +│ cluster: useast │ author: infra-team │ author: infra-team │ +│ │ │ cluster: useast │ +├─────────────────────┼───────────────────────┼────────────────────────┤ +│ lists: │ lists: │ lists: │ +│ groceries: │ groceries: │ groceries: │ +│ - apple │ - grapes │ - grapes │ +│ - banana │ │ │ +└─────────────────────┴───────────────────────┴────────────────────────┘ + +skv2.utils.merge is a fork of a helm library chart function (https://github.com/helm/charts/blob/master/incubator/common/templates/_util.tpl). +This includes some optimizations to speed up chart rendering time, and merges in a value (overrides) with a named template, unlike the upstream +version, which merges two named templates. + +*/ -}} +{{- define "skv2.utils.merge" -}} +{{- $top := first . -}} +{{- $overrides := (index . 1) -}} +{{- $tpl := fromYaml (include (index . 
2) $top) -}} +{{- if or (empty $overrides) (empty $tpl) -}} +{{ include (index . 2) $top }} {{/* render source as is */}} +{{- else -}} +{{- $merged := merge $overrides $tpl -}} +{{- toYaml $merged -}} {{/* render source with overrides as YAML */}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/codegen/test/chart/static-volumes/templates/deployment.yaml b/codegen/test/chart/static-volumes/templates/deployment.yaml new file mode 100644 index 000000000..5060d2a0c --- /dev/null +++ b/codegen/test/chart/static-volumes/templates/deployment.yaml 
@@ -0,0 +1,151 @@ +# Code generated by skv2. DO NOT EDIT. + + + +{{- $painter := $.Values.painter }} +--- + +{{- define "painter.deploymentSpec" }} +# Deployment manifest for painter + +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +spec: + selector: + matchLabels: + app: painter + template: + metadata: + labels: + app: painter + annotations: + app.kubernetes.io/name: painter + spec: + serviceAccountName: painter + {{- /* Override the default podSecurityContext config if it is set. */}} +{{- if or ($.Values.painter.podSecurityContext) (eq "map[]" (printf "%v" $.Values.painter.podSecurityContext)) }} + securityContext: +{{ toYaml $.Values.painter.podSecurityContext | indent 8 }} +{{- end }} + volumes: + - name: static-certs + secret: + secretName: static-secret + {{- if $.Values.painter.extraVolumes }} + {{- tpl (toYaml $.Values.painter.extraVolumes) . | nindent 6 }} + {{- end }} + containers: +{{- $painter := $.Values.painter }} +{{- $painterImage := $painter.image }} + - name: painter + image: {{ $painterImage.registry }}/{{ $painterImage.repository }}:{{ $painterImage.tag }} + imagePullPolicy: {{ $painterImage.pullPolicy }} + {{- if or $painter.env $painter.extraEnvs }} + env: + {{- end }} +{{- if $painter.env }} +{{- toYaml $painter.env | nindent 10 }} +{{- end }} +{{- range $name, $item := $painter.extraEnvs }} + - name: {{ $name }} + {{- $item | toYaml | nindent 12 }} +{{- end }} + volumeMounts: + - mountPath: /var/run/secret/static + name: static-certs + {{- if $.Values.painter.extraVolumeMounts }} + {{- tpl (toYaml $.Values.painter.extraVolumeMounts) . | nindent 8 }} + {{- end }} + resources: +{{- if $painter.resources }} +{{ toYaml $painter.resources | indent 10}} +{{- else}} + requests: + cpu: 500m + memory: 256Mi +{{- end }} + {{- /* + Render securityContext configs if it is set. 
+ If securityContext is not set, render the default securityContext. + If securityContext is set to 'false', render an empty map. + */}} + securityContext: +{{- if or ($painter.securityContext) (eq "map[]" (printf "%v" $painter.securityContext)) }} +{{ toYaml $painter.securityContext | indent 10}} +{{/* Because securityContext is nil by default we can only perform following conversion if it is a boolean. Skip conditional otherwise. */}} +{{- else if eq (ternary $painter.securityContext true (eq "bool" (printf "%T" $painter.securityContext))) false }} + {} +{{- else}} + runAsNonRoot: true + {{- if not $painter.floatingUserId }} + runAsUser: {{ printf "%.0f" (float64 $painter.runAsUser) }} + {{- end }} + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +{{- end }} +{{- $pullSecrets := (list) -}} +{{- if $painterImage.pullSecret }} + {{- $pullSecrets = concat $pullSecrets (list (dict "name" $painterImage.pullSecret)) -}} +{{- end }} +{{- if $painter.imagePullSecrets }} + {{- $pullSecrets = concat $pullSecrets $painter.imagePullSecrets -}} +{{- end }} +{{- if gt (len $pullSecrets) 0 -}} + {{- (dict "imagePullSecrets" $pullSecrets) | toYaml | nindent 6 }} +{{- end }} +{{- end }} {{/* define "painter.deploymentSpec" */}} + +{{/* Render painter deployment template with overrides from values*/}} +{{ if $painter.enabled }} +{{- $painterDeploymentOverrides := dict }} +{{- if $painter.deploymentOverrides }} +{{- $painterDeploymentOverrides = $painter.deploymentOverrides }} +{{- end }} +--- +{{ include "skv2.utils.merge" (list . 
$painterDeploymentOverrides "painter.deploymentSpec") }} +{{- end }} +--- +{{ if $painter.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: painter + {{- if $painter.serviceAccount}} + {{- if $painter.serviceAccount.extraAnnotations }} + annotations: + {{- range $key, $value := $painter.serviceAccount.extraAnnotations }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + {{- end}} + name: painter + namespace: {{ default .Release.Namespace $.Values.painter.namespace }} +{{- end }} + + +{{- define "painter.serviceSpec"}} + +{{- end }} {{/* define "painter.serviceSpec" */}} +{{ if $painter.enabled }} +{{/* Render painter service template with overrides from values*/}} +{{- $painterServiceOverrides := dict }} +{{- if $painter.serviceOverrides }} +{{- $painterServiceOverrides = $painter.serviceOverrides }} +{{- end }} + +--- + +{{ include "skv2.utils.merge" (list . $painterServiceOverrides "painter.serviceSpec") }} +{{- end }} + diff --git a/codegen/test/chart/static-volumes/templates/rbac.yaml b/codegen/test/chart/static-volumes/templates/rbac.yaml new file mode 100644 index 000000000..feb93b669 --- /dev/null +++ b/codegen/test/chart/static-volumes/templates/rbac.yaml @@ -0,0 +1,2 @@ +# Code generated by skv2. DO NOT EDIT. + diff --git a/codegen/test/chart/static-volumes/values.yaml b/codegen/test/chart/static-volumes/values.yaml new file mode 100644 index 000000000..3796fee5e --- /dev/null +++ b/codegen/test/chart/static-volumes/values.yaml @@ -0,0 +1,18 @@ +# Code generated by skv2. DO NOT EDIT. + +painter: + deploymentOverrides: null + env: null + extraEnvs: {} + floatingUserId: false + image: + pullPolicy: IfNotPresent + registry: quay.io/solo-io + repository: painter + tag: v0.0.0 + ports: {} + runAsUser: 10101 + serviceOverrides: null + serviceType: "" + sidecars: {} +
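Review bot: `extraVolumes` and `extraVolumeMounts` are passed through `tpl` and emitted as-is into the pod spec (`{{- tpl (toYaml $.Values.painter.extraVolumes) . | nindent 6 }}`), yet neither key appears in this chart's generated `values.yaml`, so the new inputs are undocumented and have no declared default. Any volume source is accepted, including `hostPath`, which the container defaults rendered here (`readOnlyRootFilesystem: true`, `capabilities.drop: ALL`) do not constrain, and strings inside the values are evaluated as templates against the chart context. I would declare `extraVolumes: []` and `extraVolumeMounts: []` in the generated values with a comment such as `# rendered with tpl into the pod spec; treat as trusted, operator-supplied configuration`. This file is generated, so the edit belongs in the template and the values generator rather than in the fixture.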