diff --git a/charts/uni-helm/.helmignore b/charts/uni-helm/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/uni-helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/uni-helm/Chart.yaml b/charts/uni-helm/Chart.yaml
new file mode 100644
index 0000000..be87d5c
--- /dev/null
+++ b/charts/uni-helm/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: uni-helm
+description: A Helm chart for Kubernetes
+
+keywords:
+ - blockchain
+ - web3
+
+maintainers:
+ - email: vlad.sh@startale.com
+ - email: marijan.cavar@startale.com
+
+type: application
+
+version: 1.0.0
diff --git a/charts/uni-helm/examples/example-values.yaml b/charts/uni-helm/examples/example-values.yaml
new file mode 100644
index 0000000..35fa9c6
--- /dev/null
+++ b/charts/uni-helm/examples/example-values.yaml
@@ -0,0 +1,289 @@ +fullnameOverride: fullname +statefulsets: + - name: heimdall # <- STATEFULSET_NAME + # replicas: 1 + horizontalPodAutoscaler: + enabled: true + minReplicas: 1 + maxReplicas: 10 + targetMemoryUtilizationPercentage: 50 + targetCPUUtilizationPercentage: 60 + + nodeSelector: + node.kubernetes.io/instance-type: n2-standard-16 + persistence: + size: 350Gi + storageClassName: standard-rwo + volumeMountPath: /data + gcpVolumeSnapshot: polygon-mainnet-archival-heimdall-latest + initContainers: + init-configs: + image: + repository: heimdall/image + tag: heimdall.tag + command: + - 'sh' + - '-c' + - | + # rm -rf /data/config + if [ ! -d /data/config ]; then + echo "Initialising heimdall configs" + fi + volumeMounts: + - name: heimdall-data + mountPath: /data + download-genesis: + image: + repository: heimdall/image + tag: heimdall.tag + env: + - name: GENESIS_FILE + value: "/data/config/genesis.json" + - name: GENESIS_URL + value: https://raw.githubusercontent.com/maticnetwork/heimdall/master/builder/files/genesis-mainnet-v1.json + command: + - 'sh' + - '-c' + - | + if [ ! -f $GENESIS_FILE ]; then + echo "Genesis not exist, downloading it." 
+ fi + volumeMounts: + - name: heimdall-data + mountPath: /data + + containers: + - name: heimdalld + image: + repository: heimdall/image + tag: heimdall.tag + resources: + limits: + memory: 2Gi + cpu: 1 + requests: + memory: 512Mi + cpu: 256m + env: + - name: GENESIS_FILE + value: "/data/config/genesis.json" + envFrom: + - secretRef: + name: some-secret + command: + - heimdalld + - --home=/data + - --chain=mainnet + - start + - --seeds=f4f605d60b8 + - --rest-server + - --laddr=tcp://0.0.0.0:1317 + - --rpc.laddr=tcp://0.0.0.0:26657 + ports: + - name: heimdall-rpc + port: 26657 + protocol: TCP + - name: heimdall-rest + port: 1317 + protocol: TCP + service: + type: ClusterIP + annotations: + cloud.google.com/neg: '{"ingress": true}' + ingress: + # enabled: false + # className: "className" + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: chart-example-tls + hosts: + - chart-example.local + startupProbe: + tcpSocket: + port: 1317 + periodSeconds: 60 + failureThreshold: 10 + livenessProbe: + tcpSocket: + port: 1317 + + - name: erigonbor + replicas: 3 + dnsPolicy: "None" + dnsConfig: + searches: + - qos.svc.eu-southwest1-prod.v2.pokt.network + - svc.eu-southwest1-prod.v2.pokt.network + - eu-southwest1-prod.v2.pokt.network + - europe-southwest1-c.c.portal-eu-southwest1-prod.internal + - c.portal-eu-southwest1-prod.internal + - google.internal + nameservers: + - 10.12.183.20 + options: + - name: ndots + value: "2" + annotations: + deployment-annotations: 'dfgfsdgsdgsdfgsdfgsdfgsdfgdsfgsd' + podAnnotations: + pod-annotations: 'dfgfsdgsdgsdfgsdfgsdfgsdfgdsfgsd' + mountConfigMaps: + - name: velas-entrypoint + mountPath: /dat0 + mountSecrets: + - name: velas-entrypoint1 + mountPath: /data1 + - name: velas-entrypoint2 + mountPath: /data2 + + initContainers: + - name: download-snapshot + image: + repository: heimdall/image + 
tag: heimdall.tag + workingDir: /data + env: + - name: APP_HOME + value: "/data" + command: + - 'sh' + - '-c' + - | + set -ex + # If heimdalld container and we need to bootstrap on first run then download the snapshot + if [ ! -f "$APP_HOME/bootstrapped" ]; + then + echo "downloading snapshot from ${SNAPSHOT_URL}" + fi + securityContext: + runAsUser: 0 + resources: + requests: + cpu: 100m + memory: 256Mi + volumeMounts: + - name: erigonbor-data + mountPath: /data + - name: wait-heimdall-synced + image: + repository: heimdall/image + tag: heimdall.tag + command: + - /bin/sh + - -c + - | + set -ex + apk add curl jq + while :; do + CATCHINGUP=$(curl http://fullname-heimdall-rpc:26657/status | \ + jq -r '.result.sync_info.catching_up') + echo "CatchingUp: $CATCHINGUP" + if [ "$CATCHINGUP" == "false" ]; then + echo "HEIMDALL is up and synched, running BOR." + break + fi + sleep 60 + done + securityContext: + runAsUser: 0 + resources: + requests: + cpu: 100m + memory: 256Mi + containers: + - name: erigonbor + image: + repository: erigon/image + tag: erigontag + resources: + limits: + memory: 100Gi + cpu: 8 + requests: + memory: 50Gi + cpu: 1 + command: + - erigon + - --chain=bor-mainnet + - --http.addr=0.0.0.0 + - --http.vhosts=* + - --http.corsdomain=* + ports: + - name: rpc + port: 8545 + protocol: TCP + service: + type: ClusterIP + annotations: + cloud.google.com/neg: '{"ingress": true}' + ingress: + # enabled: false + className: "className" + annotations: + kubernetes.io/ingress.class: nginx + kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: chart-example-tls + hosts: + - chart-example.local + startupProbe: + tcpSocket: + port: 8545 + periodSeconds: 60 + failureThreshold: 120 + livenessProbe: + tcpSocket: + port: 8545 + +global: + serviceAccount: + name: polygon + securityContext: + fsGroup: 1001 + runAsUser: 1001 + runAsGroup: 1001 + fsGroupChangePolicy: 
"OnRootMismatch" + +# Additional manifests to deploy as an array +additionalManifests: + - kind: Host + apiVersion: getambassador.io/v3alpha1 + metadata: + name: fullname-rpc + annotations: + external-dns.ambassador-service: emissary-ingress.emissary-ingress + spec: + hostname: hostname.domain.com + tlsSecret: + name: wildcard-poktnodes--network-tls + namespace: emissary-ingress + + - kind: ConfigMap + apiVersion: v1 + metadata: + name: velas-entrypoint + data: + entrypoint.sh: | + #!/bin/bash + + velas-validator --ledger /data --evm-state-archive /data/evmarchive \ + --entrypoint bootstrap.velas.com:8001 \ + --trusted-validator 78rvyxYJAUXGaZHJWyz7Yx81ribpAYvwupVuF9CugGws \ + --trusted-validator FSZbHLPerYngGGwgWbXHtqTLRvLmgKVeUZCKwbFttWng \ + --limit-ledger-size \ + --maximum-full-snapshots-to-retain 1 \ + --maximum-incremental-snapshots-to-retain 1 \ + --log - & + diff --git a/charts/uni-helm/examples/example-values2.yaml b/charts/uni-helm/examples/example-values2.yaml new file mode 100644 index 0000000..100d435 --- /dev/null +++ b/charts/uni-helm/examples/example-values2.yaml 
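Review bot: The erigonbor example starts the node with `--http.addr=0.0.0.0`, `--http.vhosts=*` and `--http.corsdomain=*` while the same `rpc` port declares an `ingress` block with a host and TLS, so a values file copied from here would publish JSON-RPC with no Host or Origin restriction. The example should pin both flags to the ingress host, e.g. `- --http.vhosts=chart-example.local` and `- --http.corsdomain=https://chart-example.local`. Both erigonbor init containers also set `runAsUser: 0`, and `wait-heimdall-synced` runs `apk add curl jq` on every start, which pulls unpinned packages as root; an image that already ships those tools would let the global `runAsUser: 1001` apply. The `dnsConfig` block appears to carry real internal search domains and a nameserver address, which are better replaced with placeholders in a published example.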
@@ -0,0 +1,115 @@ +deployments: + - name: middleware + horizontalPodAutoscaler: + enabled: true + maxReplicas: 100 + minReplicas: 50 + targetCPUUtilizationPercentage: 60 + dnsConfig: + options: + - name: ndots + value: "2" + + mountSecrets: + - name: portal-middleware + mountPath: /etc/portal + items: + - key: config.json + path: config.json + + containers: + - name: middleware + image: + repository: us-central1-docker.pkg.dev/portal-gb-prod/portal-middleware/pokt-middleware + tag: v0.0.110-rc61 + resources: + limits: + memory: 4G + requests: + cpu: 3 + memory: 2G + envFrom: + - secretRef: + name: "portal-middleware" + env: + - name: GOMEMLIMIT + value: 2000MiB + - name: PORT + value: "8080" + - name: CONFIG_FILE + value: "/etc/portal/config.json" + + ports: + - name: port8080 + port: 8080 + protocol: TCP + service: + type: ClusterIP + annotations: + cloud.google.com/neg: '{"ingress": true}' + emissary: + enabled: false + annotations: + kubernetes.io/ingress.class: "gce" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + hosts: + - host: "*.middleware.europe-west3-prod.v2.pokt.network" + paths: + - path: / + pathType: Prefix + tls: + - secretName: portal-middleware-tls + hosts: + - "middleware.europe-west3-prod.v2.pokt.network" + - "*.middleware.europe-west3-prod.v2.pokt.network" + + - name: port8080-another + port: 8080 + protocol: TCP + service: + type: ClusterIP + annotations: + cloud.google.com/neg: '{"ingress": true}' + ingress: + # enabled: true + annotations: + kubernetes.io/ingress.class: "gce" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + hosts: + - host: "*.another-domain.pokt.network" + paths: + - path: / + pathType: Prefix + tls: + - secretName: portal-middleware-tls + hosts: + - "middleware.another-domain.pokt.network" + - "*.middleware.another-domain.pokt.network" + + readinessProbe: + failureThreshold: 6 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + livenessProbe: + failureThreshold: 6 + httpGet: + path: /healthz + port: 8080 
+ scheme: HTTP + +global: + serviceAccount: + create: false + name: "pokt-middleware" + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::22222222:role/cert-manager-staging-us-east-1 + podAnnotations: + coin-prediction-node-b7s--tag: dev-latest # Will be automatically updated to the latest tag + coin-prediction-node-micromamba--tag: dev-latest # Will be automatically updated to the latest tag + imagePullPolicy: Never + securityContext: + fsGroup: 1001 + runAsUser: 1001 + runAsGroup: 1001 diff --git a/charts/uni-helm/templates/_helpers.tpl b/charts/uni-helm/templates/_helpers.tpl new file mode 100644 index 0000000..3550c79 --- /dev/null +++ b/charts/uni-helm/templates/_helpers.tpl 
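Review bot: The `mountSecrets` entry that should provide `/etc/portal/config.json` sits on the deployment, but templates/deployments.yaml in this commit only renders volumes from `extraVolumes`, so as written the container would start with `CONFIG_FILE` pointing at a path that is never mounted. `global.serviceAccount.create: false` also means the `eks.amazonaws.com/role-arn` annotation is never rendered, since serviceaccount.yaml emits annotations only when it creates the account; a cert-manager role is in any case a surprising identity for a middleware workload. `imagePullPolicy: Never` combined with a remote registry image runs whatever copy of the tag a node already holds, so the example would be safer with `IfNotPresent`.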
@@ -0,0 +1,58 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "general.name" -}}
+{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Service account name
+*/}}
+{{- define "general.sa_name" -}}
+{{- default (include "general.name" .) .Values.global.serviceAccount.name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "general.fullname" -}}
+{{- if .Values.global.fullnameOverride }}
+{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.global.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "general.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "general.labels" -}}
+helm.sh/chart: {{ include "general.chart" . }}
+{{ include "general.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "general.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "general.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/uni-helm/templates/additional-manifests.yaml b/charts/uni-helm/templates/additional-manifests.yaml
new file mode 100644
index 0000000..cc0e0c9
--- /dev/null
+++ b/charts/uni-helm/templates/additional-manifests.yaml
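Review bot: `general.sa_name` falls back to `general.name`, which is the chart name, so two releases in one namespace both resolve to a ServiceAccount called `uni-helm`; the second install conflicts, or with `create: false` the workloads end up sharing one identity and whatever cloud-IAM annotation it carries. Falling back to the release-scoped name keeps identities separate: `{{- default (include "general.fullname" .) .Values.global.serviceAccount.name | trunc 63 | trimSuffix "-" }}`. Separately, `general.fullname` reads `.Values.global.fullnameOverride`, while examples/example-values.yaml sets a top-level `fullnameOverride`, which this helper never sees.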
@@ -0,0 +1,6 @@
+{{ range $.Values.additionalManifests }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
+---
+{{ tpl $.Values.additionalYamlManifests $ }}
diff --git a/charts/uni-helm/templates/deployments.yaml b/charts/uni-helm/templates/deployments.yaml
new file mode 100644
index 0000000..78e1ae4
--- /dev/null
+++ b/charts/uni-helm/templates/deployments.yaml
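Review bot: Both `tpl` calls evaluate values as templates against the root context and place no limit on the kinds emitted, so a values file has the same authority as a chart template: whoever can supply values can add any resource the installing identity is allowed to create. That deserves a comment here and in values.yaml stating that values files for this chart need the same review as templates. The trailing `---` and `tpl $.Values.additionalYamlManifests $` are also unconditional; wrapping them in `{{- with $.Values.additionalYamlManifests }}` … `{{- end }}` avoids an empty document and, presumably, a render error when the value is set to null.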
@@ -0,0 +1,151 @@ +{{- range $dpli, $dpl := $.Values.deployments }} +{{- $volumeName := printf "%s-data" $dpl.name }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $dpl.name }} + labels: + {{- include "general.labels" $ | nindent 4 }} + {{- with $dpl.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ default 1 $dpl.replicas }} + selector: + matchLabels: + deploymentname: {{ $dpl.name }} + template: + metadata: + name: {{ template "general.fullname" $ }} + labels: + {{- include "general.labels" $ | nindent 8 }} + {{- with $dpl.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + deploymentname: {{ $dpl.name }} + {{- with (merge (default (dict ) $dpl.podAnnotations) (default (dict ) $.Values.global.podAnnotations))}} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "general.sa_name" $ }} + terminationGracePeriodSeconds: {{ default 10 $.Values.global.terminationGracePeriodSeconds }} + {{- with $dpl.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $dpl.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $dpl.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $dpl.topologySpreadConstraints }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with (default $.Values.global.securityContext $dpl.securityContext) }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} + + initContainers: + {{- with $dpl.initContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} + + {{- with $dpl.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 8 }} + {{- end }} + containers: + {{- range $kcntnr, $cntnr := $dpl.containers }} + - name: {{ $cntnr.name }} + image: "{{ $cntnr.image.repository }}:{{ $cntnr.image.tag }}" + imagePullPolicy: {{ default "IfNotPresent" $.Values.global.imagePullPolicy }} + + {{- with $cntnr.envFrom }} + envFrom: {{- toYaml . 
| nindent 12}} + {{- end }} + {{- with $cntnr.env }} + env: {{- toYaml . | nindent 12}} + {{- end }} + + {{- with $cntnr.workingDir }} + workingDir: {{ . }} + {{- end }} + {{- with $cntnr.command }} + command: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with $cntnr.args }} + args: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with $cntnr.resources }} + resources: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with $cntnr.lifecycle }} + lifecycle: {{- toYaml . | nindent 12 }} + {{- end }} + + ports: + {{- range $kprt, $prt := $cntnr.ports }} + - name: {{ $prt.name}} + protocol: {{ default "TCP" $prt.protocol }} + containerPort: {{ $prt.port }} + {{- end }} + + {{- with (default (list ) $cntnr.startupProbe) }} + startupProbe: {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with (default (list ) $cntnr.livenessProbe) }} + livenessProbe: {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with (default (list ) $cntnr.readinessProbe) }} + readinessProbe: {{- toYaml . | nindent 12 }} + {{- end }} + + volumeMounts: + {{- range $vol := $cntnr.extraVolumes }} + - name: {{default (default $vol.secretName $vol.configMap) $vol.persistentVolumeClaim}} + mountPath: {{$vol.mountPath}} + {{- end }} + + {{- end }} # {{/* range $kcntnr, $cntnr := $dpl.containers */}} + + volumes: + {{- range $cntnr := $dpl.containers -}} + {{- range $vol := $cntnr.extraVolumes }} + {{- if hasKey $vol "secretName" }} + - name: {{$vol.secretName}} + secret: + secretName: {{$vol.secretName}} + optional: false + {{- else if hasKey $vol "configMap" }} + - name: {{$vol.configMap}} + configMap: + name: {{$vol.configMap}} + {{- else if hasKey $vol "persistentVolumeClaim" }} + - name: {{$vol.persistentVolumeClaim}} + persistentVolumeClaim: + claimName: {{$vol.persistentVolumeClaim}} + {{- end }} + {{- end }} + {{- end }} + {{- if $dpl.persistence}}{{- if $dpl.persistence.extraVolumes}} + {{- range $vol := $dpl.persistence.extraVolumes }} + {{- if hasKey $vol "secretName" }} + - name: 
{{$vol.secretName}} + secret: + secretName: {{$vol.secretName}} + optional: false + {{- else if hasKey $vol "configMap" }} + - name: {{$vol.configMap}} + configMap: + name: {{$vol.configMap}} + {{- else if hasKey $vol "persistentVolumeClaim" }} + - name: {{$vol.persistentVolumeClaim}} + persistentVolumeClaim: + claimName: {{$vol.persistentVolumeClaim}} + {{- end }} + {{- end }} + {{- end }}{{- end }} +{{ end }} # {{/* range $dpli, $dpl := $.Values.statefulsets */}} diff --git a/charts/uni-helm/templates/emissary-ingress.yaml b/charts/uni-helm/templates/emissary-ingress.yaml new file mode 100644 index 0000000..5e3f500 --- /dev/null +++ b/charts/uni-helm/templates/emissary-ingress.yaml 
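Review bot: The container spec here never renders `$cntnr.securityContext`, although templates/statefulsets.yaml in the same commit does, so per-container hardening set in values (`allowPrivilegeEscalation`, `readOnlyRootFilesystem`, dropped capabilities) is silently ignored for Deployments. Add after the `lifecycle` block: `{{- with $cntnr.securityContext }}`, `securityContext: {{- toYaml . | nindent 12 }}`, `{{- end }}`. `initContainers:` is also emitted outside its `with`, which leaves a bare null key when none are configured; statefulsets.yaml puts the key inside the `with`. The closing comment names `$.Values.statefulsets` although this loop ranges over deployments.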
@@ -0,0 +1,107 @@ +{{- range $ndpl, $dpl := $.Values.deployments }} +{{- range $kcntnr, $cntnr := $dpl.containers }} +{{- range $kprt, $prt := $cntnr.ports }} +{{$dname:=printf "%s-%s-%s" $dpl.name $cntnr.name $prt.name}} + +{{/* # If .emissary enabled==true or not given*/}} +{{- if $prt.emissary }} +{{- if or (eq "true" (get $prt.emissary "enabled"|toString)) (empty (get $prt.emissary "enabled"|toString))}} + +{{ $emissarySvc:="emissary-ingress.emissary-ingress"}} +{{ if $.Values.global.emissary}}{{if $.Values.global.emissary.emissaryServiceName}} + {{$emissarySvc:=$.Values.global.emissary.emissaryServiceName}} +{{ end }}{{end}} + +kind: Host +apiVersion: getambassador.io/v3alpha1 +metadata: + name: {{$dname}} + labels: + {{- include "general.labels" $ | nindent 4 }} + annotations: + external-dns.ambassador-service: {{$emissarySvc}} + {{- with $prt.emissary.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + hostname: {{$prt.emissary.host}} +{{if $.Values.global.emissary}}{{if $.Values.global.emissary.tlsSecret}} + tlsSecret: + name: {{$.Values.global.emissary.tlsSecret.name}} + namespace: {{$.Values.global.emissary.tlsSecret.namespace}} +{{end}}{{end}} +--- +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: {{$dname}} + labels: + {{- include "general.labels" $ | nindent 4 }} +spec: + {{- with $prt.emissary.headers }} + headers: + {{- toYaml . 
| nindent 4 }} + {{- end }} + host: {{$prt.emissary.host}} + prefix: {{default "/" $prt.emissary.prefix}} + service: http://{{$dname}}:{{$prt.port}} +--- +{{- end -}}{{- end -}} + +{{- end -}} +{{- end -}} +{{- end -}} + +{{- range $ndpl, $dpl := $.Values.statefulsets }} +{{- range $kcntnr, $cntnr := $dpl.containers }} +{{- range $kprt, $prt := $cntnr.ports }} +{{$dname:=printf "%s-%s-%s" $dpl.name $cntnr.name $prt.name}} + +{{/* # If .emissary enabled==true or not given*/}} +{{- if $prt.emissary }} +{{- if or (eq "true" (get $prt.emissary "enabled"|toString)) (empty (get $prt.emissary "enabled"|toString))}} + +{{ $emissarySvc:="emissary-ingress.emissary-ingress"}} +{{ if $.Values.global.emissary}}{{if $.Values.global.emissary.emissaryServiceName}} + {{$emissarySvc:=$.Values.global.emissary.emissaryServiceName}} +{{ end }}{{end}} + +kind: Host +apiVersion: getambassador.io/v3alpha1 +metadata: + name: {{$dname}} + labels: + {{- include "general.labels" $ | nindent 4 }} + annotations: + external-dns.ambassador-service: {{$emissarySvc}} + {{- with $prt.emissary.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + hostname: {{$prt.emissary.host}} +{{if $.Values.global.emissary}}{{if $.Values.global.emissary.tlsSecret}} + tlsSecret: + name: {{$.Values.global.emissary.tlsSecret.name}} + namespace: {{$.Values.global.emissary.tlsSecret.namespace}} +{{end}}{{end}} +--- +apiVersion: getambassador.io/v2 +kind: Mapping +metadata: + name: {{$dname}} + labels: + {{- include "general.labels" $ | nindent 4 }} +spec: + {{- with $prt.emissary.headers }} + headers: + {{- toYaml . | nindent 4 }} + {{- end }} + host: {{$prt.emissary.host}} + prefix: {{default "/" $prt.emissary.prefix}} + service: http://{{$dname}}:{{$prt.port}} +--- +{{- end -}}{{- end -}} + +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/uni-helm/templates/service.yaml b/charts/uni-helm/templates/service.yaml new file mode 100644 index 0000000..36e670a --- /dev/null 
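Review bot: `{{$emissarySvc:=$.Values.global.emissary.emissaryServiceName}}` inside the `if` declares a new variable scoped to that block, so the override is discarded and `external-dns.ambassador-service` always gets the default; use assignment instead, `{{- $emissarySvc = $.Values.global.emissary.emissaryServiceName }}`. `hostname:` and `host:` are rendered unquoted, so a wildcard host like the `*.…` entries in example-values2.yaml would be read by YAML as an alias and fail to parse; pipe both through `quote`. Treating a missing `enabled` as true means any port that carries an `emissary:` block is published, which should be stated in values.yaml or inverted to opt-in. The same three points apply to the statefulsets loop in the second half of this hunk.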
+++ b/charts/uni-helm/templates/service.yaml
@@ -0,0 +1,73 @@
+{{- range $kstfs, $sts := .Values.statefulsets }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ {{- include "general.labels" $ | nindent 4 }}
+ name: {{$sts.name}}
+spec:
+ selector:
+ statefulsetname: {{ $sts.name }}
+ ports:
+ #! Headless service's port doesn't matter coz you addressing pod directly
+ - port: 12345
+ clusterIP: None
+ publishNotReadyAddresses: true
+
+{{- range $kcntnr, $cntnr := $sts.containers }}
+{{- range $kprt, $prt := $cntnr.ports }}
+{{$sname:=printf "%s-%s-%s" $sts.name $cntnr.name $prt.name}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{$sname}}
+ labels:
+ {{- include "general.labels" $ | nindent 4 }}
+ {{- with $prt.serviceAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ statefulsetname: {{ $sts.name }}
+ type: {{ default "ClusterIP" $prt.type }}
+ ports:
+ - port: {{ $prt.port }}
+ targetPort: {{ $prt.port }}
+ protocol: {{ default "TCP" $prt.protocol }}
+ name: {{ $prt.name }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/* Deployments services*/}}
+{{- range $kstfs, $dpl := .Values.deployments }}
+{{- range $kcntnr, $cntnr := $dpl.containers }}
+{{- range $kprt, $prt := $cntnr.ports }}
+{{$dname:=printf "%s-%s-%s" $dpl.name $cntnr.name $prt.name}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{$dname}}
+ labels:
+ {{- include "general.labels" $ | nindent 4 }}
+ {{- with $prt.serviceAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ deploymentname: {{ $dpl.name }}
+ type: {{ default "ClusterIP" $prt.type }}
+ ports:
+ - port: {{ $prt.port }}
+ targetPort: {{ $prt.port }}
+ protocol: {{ default "TCP" $prt.protocol }}
+ name: {{ $prt.name }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/uni-helm/templates/serviceaccount.yaml b/charts/uni-helm/templates/serviceaccount.yaml
new file mode 100644
index 0000000..5db748c
--- /dev/null
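Review bot: This template reads `$prt.type` and `$prt.serviceAnnotations`, but both example values files in this commit nest those settings as `service.type` and `service.annotations`, so the annotations shown there (for instance `cloud.google.com/neg`) are dropped without any error. Either read from `$prt.service` or change the examples; a `values.schema.json` would let Helm reject misplaced keys so this kind of drift is noticed at install time. A Service is also created for every declared container port with no way to opt out, which is worth a comment for ports that are meant to stay pod-local.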
+++ b/charts/uni-helm/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if or (eq "true" (get .Values.global.serviceAccount "create"|toString)) (empty (get .Values.global.serviceAccount "create"|toString))}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "general.sa_name" . }}
+ labels:
+ {{- include "general.labels" . | nindent 4 }}
+ {{- with .Values.global.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/uni-helm/templates/statefulsets.yaml b/charts/uni-helm/templates/statefulsets.yaml
new file mode 100644
index 0000000..fe29a7c
--- /dev/null
+++ b/charts/uni-helm/templates/statefulsets.yaml
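Review bot: Neither this ServiceAccount nor the pod specs in this commit set `automountServiceAccountToken`, so every pod receives an API token even though the workloads shown in the examples do not appear to call the Kubernetes API. Expose a value for it and render it here; when doing so, test the value with `hasKey` or `kindIs` rather than `default true …`, because `default` treats an explicit `false` as empty and would turn the setting back on. The file also lacks a trailing newline.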
@@ -0,0 +1,215 @@ +{{- range $stsi, $sts := $.Values.statefulsets }} +{{- $volumeName := printf "%s-data" $sts.name }} + +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ $sts.name }} + labels: + {{- include "general.labels" $ | nindent 4 }} + {{- with $sts.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + serviceName: {{ $sts.name }} + podManagementPolicy: {{ default "Parallel" $.Values.global.podManagementPolicy }} + updateStrategy: + type: {{ default "RollingUpdate" $.Values.global.updateStrategy }} + {{- if (eq "Recreate" (default "RollingUpdate" $.Values.global.updateStrategy)) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + statefulsetname: {{ $sts.name }} + replicas: {{ default 1 $sts.replicas }} + template: + metadata: + name: {{ template "general.fullname" $ }} + labels: + {{- include "general.labels" $ | nindent 8 }} + {{- with $sts.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + statefulsetname: {{ $sts.name }} + {{- with (merge (default (dict ) $sts.podAnnotations) (default (dict ) $.Values.global.podAnnotations))}} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "general.sa_name" $ }} + terminationGracePeriodSeconds: {{ default 30 $.Values.global.terminationGracePeriodSeconds }} + {{- with $sts.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $sts.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $sts.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $sts.topologySpreadConstraints }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with (default $.Values.global.securityContext $sts.securityContext) }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} + + {{- with $sts.initContainers }} + initContainers: + {{- toYaml . | nindent 6 }} + {{- end }} + + {{- with $sts.imagePullSecrets }} + imagePullSecrets: {{ toYaml . 
| nindent 8 }} + {{- end }} + containers: + {{- range $kcntnr, $cntnr := $sts.containers }} + - name: {{ $cntnr.name }} + image: "{{ $cntnr.image.repository }}:{{ $cntnr.image.tag }}" + imagePullPolicy: {{ default "IfNotPresent" $.Values.global.imagePullPolicy }} + + {{- with $cntnr.envFrom }} + envFrom: {{- toYaml . | nindent 12}} + {{- end }} + {{- with $cntnr.env }} + env: {{- toYaml . | nindent 12}} + {{- end }} + + {{- with $cntnr.workingDir }} + workingDir: {{ . }} + {{- end }} + {{- with $cntnr.command }} + command: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with $cntnr.args }} + args: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with $cntnr.resources }} + resources: {{- toYaml . | nindent 12 }} + {{- end }} + {{- with $cntnr.lifecycle }} + lifecycle: {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with (default (list ) $cntnr.securityContext) }} + securityContext: {{- toYaml . | nindent 12 }} + {{- end }} + + ports: + {{- range $kprt, $prt := $cntnr.ports }} + - name: {{ $prt.name}} + protocol: {{ default "TCP" $prt.protocol }} + containerPort: {{ $prt.port }} + {{- end }} + + {{- with (default (list ) $cntnr.startupProbe) }} + startupProbe: {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with (default (list ) $cntnr.livenessProbe) }} + livenessProbe: {{- toYaml . | nindent 12 }} + {{- end }} + + {{- with (default (list ) $cntnr.readinessProbe) }} + readinessProbe: {{- toYaml . 
| nindent 12 }} + {{- end }} + + volumeMounts: + - name: {{ $volumeName }} + mountPath: {{ $sts.persistence.volumeMountPath }} + + # Volume mounts from mountConfigMaps + {{- range $cm := $cntnr.mountConfigMaps }} + - name: {{$cm.name}} + mountPath: {{ $cm.mountPath }} + {{- end }} + + # Volume mounts from mountSecrets + {{- range $sec := $cntnr.mountSecrets }} + - name: {{$sec.name}} + mountPath: {{ $sec.mountPath }} + readOnly: true + {{- end }} + + {{- range $vol := $cntnr.extraVolumes }} + - name: {{default (default $vol.secretName $vol.configMap) $vol.persistentVolumeClaim}} + mountPath: {{$vol.mountPath}} + {{- end }} + {{- end }} # {{/* range $kcntnr, $cntnr := $sts.containers */}} + + volumes: + {{- range $cntnr := $sts.containers }} + {{- range $cm := $cntnr.mountConfigMaps }} + - name: {{$cm.name}} + configMap: + name: {{$cm.name}} + {{- end }} + {{- end }} + + {{- range $cntnr := $sts.containers }} + {{- range $sec := $cntnr.mountSecrets }} + - name: {{$sec.name}} + secret: + secretName: {{$sec.name}} + optional: false + {{- end }} + {{- end }} + + {{- range $cntnr := $sts.containers -}} + {{- range $vol := $cntnr.extraVolumes }} + {{- if hasKey $vol "secretName" }} + - name: {{$vol.secretName}} + secret: + secretName: {{$vol.secretName}} + optional: false + {{- else if hasKey $vol "configMap" }} + - name: {{$vol.configMap}} + configMap: + name: {{$vol.configMap}} + {{- else if hasKey $vol "persistentVolumeClaim" }} + - name: {{$vol.persistentVolumeClaim}} + persistentVolumeClaim: + claimName: {{$vol.persistentVolumeClaim}} + {{- end }} + {{- end }} + {{- end }} + {{- if $sts.persistence}}{{- if $sts.persistence.extraVolumes}} + {{- range $vol := $sts.persistence.extraVolumes }} + {{- if hasKey $vol "secretName" }} + - name: {{$vol.secretName}} + secret: + secretName: {{$vol.secretName}} + optional: false + {{- else if hasKey $vol "configMap" }} + - name: {{$vol.configMap}} + configMap: + name: {{$vol.configMap}} + {{- else if hasKey $vol 
"persistentVolumeClaim" }} + - name: {{$vol.persistentVolumeClaim}} + persistentVolumeClaim: + claimName: {{$vol.persistentVolumeClaim}} + {{- end }} + {{- end }} + {{- end }}{{- end }} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: {{ $volumeName }} + spec: + {{- if $sts.persistence.storageClassName }} + storageClassName: {{ $sts.persistence.storageClassName }} + {{- end }} + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ $sts.persistence.size | quote }} + {{- if $sts.persistence.gcpVolumeSnapshot }} + dataSource: + name: {{ $sts.persistence.gcpVolumeSnapshot | quote }} + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + {{- end }} +{{ end }} # {{/* range $stsi, $sts := $.Values.statefulsets */}} diff --git a/charts/uni-helm/values.yaml b/charts/uni-helm/values.yaml new file mode 100644 index 0000000..b36fab9 --- /dev/null +++ b/charts/uni-helm/values.yaml @@ -0,0 +1,35 @@ +statefulsets: [] + +deployments: [] + +cronjobs: [] + +global: + serviceAccount: + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + create: true + podAnnotations: {} + nameOverride: "" + fullnameOverride: "" + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + updateStrategy: RollingUpdate + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + # emissary: + # emissaryServiceName: emissary-ingress.emissary-ingress + # tlsSecret: + # name: "" + # namespace: "" + +additionalManifests: [] +additionalYamlManifests: ""
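Review bot: `mountConfigMaps` and `mountSecrets` are read from `$cntnr`, but examples/example-values.yaml sets them on the statefulset entry, so following the example renders neither the volumes nor the mounts and the container starts without the secret it expects. `$sts.persistence.volumeMountPath` and `$sts.persistence.size` are dereferenced unconditionally, while the `extraVolumes` block further down guards with `{{- if $sts.persistence}}`; an entry without `persistence` will presumably abort rendering with a nil-pointer error, so either guard these too or use `required` with a clear message. `initContainers` are passed through `toYaml` verbatim, so the `image:` map with `repository` and `tag` used in the example is not a valid container spec at that position.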
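Review bot: The commented hardening sample under `global.securityContext` lists `capabilities` and `readOnlyRootFilesystem`, but both workload templates render this value as the pod-level `securityContext`, where those container-only fields are not accepted; uncommenting it as written would be rejected or would not take effect. Keep only pod-level fields in this sample (`runAsNonRoot`, `runAsUser`, `fsGroup`) and document the container-level ones next to a per-container `securityContext` value. `global.imagePullSecrets` and `cronjobs` are not read by any template in this diff (the templates use `$dpl.imagePullSecrets` and `$sts.imagePullSecrets`), and `name:` is a bare null where `name: ""` would state the intent.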