Public Information
This commit is contained in:
11
charts/instance/templates/NOTES.txt
Normal file
11
charts/instance/templates/NOTES.txt
Normal file
@@ -0,0 +1,11 @@
|
||||
CHART NAME: {{ .component.chart }}
|
||||
CHART VERSION: {{ .Chart.Version }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
APP VERSION: {{ .Chart.AppVersion }}
|
||||
{{- end }}
|
||||
|
||||
** Please be patient while the chart is being deployed **
|
||||
|
||||
uninstall {{ .Release.Name }} using
|
||||
|
||||
helm uninstall {{ include "nplus.cli" . }}
|
||||
1
charts/instance/templates/certificate.tpl
Normal file
1
charts/instance/templates/certificate.tpl
Normal file
@@ -0,0 +1 @@
|
||||
{{- include "nplus.certificate" . | nindent 0 }}
|
||||
54
charts/instance/templates/instance.tpl
Normal file
54
charts/instance/templates/instance.tpl
Normal file
@@ -0,0 +1,54 @@
|
||||
{{- include "nplus.init" $ -}}
|
||||
|
||||
{{/*
|
||||
Assemble List of Components
|
||||
*/}}
|
||||
{{- define "nplus.instance.getComponents" -}}
|
||||
{{- $mylist := list -}}
|
||||
{{- range $key, $value := .Values.components }}
|
||||
{{- if $value }}
|
||||
{{- $replicas := (( index $.Values $key ).replicaCount | default 1) | int }}
|
||||
{{- if (gt $replicas 1) }}
|
||||
{{- $mylist = append $mylist (printf "%s(%d)" ($key) $replicas) }}
|
||||
{{- else }}
|
||||
{{- $mylist = append $mylist (printf "%s" ($key)) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- join "," $mylist -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Assemble List of Expectations
|
||||
*/}}
|
||||
{{- define "nplus.instance.getExpected" -}}
|
||||
{{- range $key, $value := .Values.components }}
|
||||
{{- if $value }}
|
||||
{{- $replicas := (( index $.Values $key ).replicaCount | default 1) | int }}
|
||||
- component: {{ $key }}
|
||||
replicaCount: {{ $replicas }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
apiVersion: nplus.cloud/v1beta1
|
||||
kind: Instance
|
||||
metadata:
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
name: {{ .Release.Name }}
|
||||
labels:
|
||||
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- include "nplus.annotations" . | nindent 4 }}
|
||||
argocd.argoproj.io/sync-wave: "1"
|
||||
spec:
|
||||
nscaleVersion: {{ .instance.version | quote }}
|
||||
components: {{ include "nplus.instance.getComponents" . }}
|
||||
handler: {{ .component.handler }}
|
||||
expected:
|
||||
{{- include "nplus.instance.getExpected" . | indent 2 }}
|
||||
tenant: {{ (.this.meta).tenant }}
|
||||
provider: {{ (.this.meta).provider }}
|
||||
url: {{ include "nplus.url" . | quote }}
|
||||
39
charts/instance/templates/nappl-cluster-service.tpl
Normal file
39
charts/instance/templates/nappl-cluster-service.tpl
Normal file
@@ -0,0 +1,39 @@
|
||||
{{- include "nplus.init" $ -}}
|
||||
{{- if or (.Values.components).nappl (.Values.components).nappljobs -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ .component.prefix }}nappl-cluster
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- include "nplus.argoWave" . | nindent 4 }}
|
||||
{{- include "nplus.annotations" . | nindent 4 }}
|
||||
{{- include "nplus.securityAnnotations" . | nindent 4 }}
|
||||
spec:
|
||||
|
||||
# this is a "headless service", no cluster IP is defined
|
||||
# as none of the internal components need to access this service.
|
||||
# It is purely used to collect the EndPointSlices
|
||||
type: ClusterIP
|
||||
clusterIP: None
|
||||
|
||||
ports:
|
||||
{{- if not (.this.security).zeroTrust }}
|
||||
- name: http
|
||||
port: 8080
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
- name: https
|
||||
port: 8443
|
||||
targetPort: https
|
||||
protocol: TCP
|
||||
|
||||
selector:
|
||||
nplus/group: {{ .instance.group }}
|
||||
nplus/type: core
|
||||
{{- end -}}
|
||||
115
charts/instance/templates/networkpolicy.tpl
Normal file
115
charts/instance/templates/networkpolicy.tpl
Normal file
@@ -0,0 +1,115 @@
|
||||
{{- include "nplus.init" $ -}}
|
||||
{{- if ((.this.security).cni).createNetworkPolicy }}
|
||||
|
||||
{{- if ((.this.security).cni).defaultIngressPolicy }}
|
||||
{{- if eq ((.this.security).cni).defaultIngressPolicy "deny" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ .component.prefix }}default-deny-ingress
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
nplus/group: {{ .instance.group }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
{{- end }}
|
||||
---
|
||||
{{- if eq ((.this.security).cni).defaultIngressPolicy "allow" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ .component.prefix }}default-allow-ingress
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
nplus/group: {{ .instance.group }}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- {}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
---
|
||||
{{- if ((.this.security).cni).defaultEgressPolicy }}
|
||||
{{- if eq ((.this.security).cni).defaultEgressPolicy "deny" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ .component.prefix }}default-deny-egress
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
nplus/group: {{ .instance.group }}
|
||||
policyTypes:
|
||||
- Egress
|
||||
{{- end }}
|
||||
---
|
||||
{{- if eq ((.this.security).cni).defaultEgressPolicy "allow" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ .component.prefix }}default-allow-egress
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "nplus.instanceLabels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
nplus/group: {{ .instance.group }}
|
||||
policyTypes:
|
||||
- Egress
|
||||
ingress:
|
||||
- {}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
|
||||
|
||||
|
||||
---
|
||||
kind: NetworkPolicy
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ .component.prefix }}allow-dns
|
||||
{{- if .this.utils.includeNamespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
nplus/group: {{ .instance.group }}
|
||||
policyTypes:
|
||||
- Egress
|
||||
egress:
|
||||
- to:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: kube-system
|
||||
ports:
|
||||
- protocol: UDP
|
||||
port: 53
|
||||
- protocol: TCP
|
||||
port: 53
|
||||
|
||||
|
||||
{{- end }}
|
||||
7
charts/instance/templates/sanity.tpl
Normal file
7
charts/instance/templates/sanity.tpl
Normal file
@@ -0,0 +1,7 @@
|
||||
{{- if (and (.Values.components).nstl ( or (.Values.components).nstla (.Values.components).nstlb (.Values.components).nstlc (.Values.components).nstld)) -}}
|
||||
{{- fail "You can only choose nstl or nstl[a-d], not both" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if (and (.Values.components).sharepoint ( or (.Values.components).sharepointa (.Values.components).sharepointb (.Values.components).sharepointc (.Values.components).sharepointd)) -}}
|
||||
{{- fail "You can only choose sharepoint or sharepoint[a-d], not both" -}}
|
||||
{{- end -}}
|
||||
Reference in New Issue
Block a user