Public Information

2025-01-24 16:18:47 +01:00
commit 0bd2038c86
449 changed files with 108655 additions and 0 deletions
--- a/charts/prepper/templates/application.tpl
+++ b/charts/prepper/templates/application.tpl
@@ -0,0 +1,19 @@
+apiVersion: nplus.cloud/v1beta1
+kind: Application
+metadata:
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  name: {{ .component.fullName }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.annotations" . | nindent 4 }}
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  download:
+    {{- toYaml .Values.download | nindent 4 }}
+  run:
+    {{- toYaml .Values.run | nindent 4 }}
+  selector:
+    {{- include "nplus.selectorLabels" . | nindent 4 }}
--- a/charts/prepper/templates/config.tpl
+++ b/charts/prepper/templates/config.tpl
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .component.fullName }}-config
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.argoWave" . | nindent 4 }}
+    {{- include "nplus.annotations" . | nindent 4 }}
+    {{- include "nplus.securityAnnotations" . | nindent 4 }}
+data:
+{{- range $path, $bytes := .Files.Glob "config/*" }}
+{{- base $path | nindent 2 }}: |
+{{- tpl ($.Files.Get $path) $ | nindent 4 }}
+{{- end }}
--- a/charts/prepper/templates/job.tpl
+++ b/charts/prepper/templates/job.tpl
@@ -0,0 +1,65 @@
+{{- include "nplus.init" $ -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .component.fullName }}
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.argoWave" . | nindent 4 }}
+    {{- include "nplus.annotations" . | nindent 4 }}
+    {{- include "nplus.securityAnnotations" . | nindent 4 }}
+spec:
+  # Deletion ist done by Operator when successful, so no ttl necessary.
+  # ttlSecondsAfterFinished: 60
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/version: {{ .Chart.AppVersion }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .instance.group | default .instance.name | default .Release.Name }}
+        app.kubernetes.io/component: {{ .component.chartName }}
+        {{- include "nplus.templateLabels" . | nindent 8 }}
+    spec:
+      # hostname: {{ .component.fullName }}
+      {{- include "nplus.imagePullSecrets" . | nindent 6 }}
+      {{- include "nplus.podSecurityContext" . | nindent 6 }}
+      {{- include "nplus.terminationGracePeriodSeconds" . | nindent 6 }}
+      
+      initContainers:
+      {{- include "nplus.waitFor" . | nindent 6 }}
+      {{- include "nplus.copyConfig" . | nindent 6 }}
+      
+      containers:
+      - name: run
+        image: {{ include "nplus.image"  (dict "global" .Values.global "image" .Values.image) }}
+        imagePullPolicy: {{ include "nplus.imagePullPolicy" .Values.image }}
+        {{- include "nplus.containerSecurityContext" . | nindent 8 }}
+        env:
+        {{- include "nplus.environment" . | nindent 8 }}
+
+        command: ["/bin/bash", "-c", "/config/run"]
+
+        {{- include "nplus.resources" . | nindent 8 }}
+
+        volumeMounts:
+        {{- include "nplus.defaultMounts" . | nindent 8 }}
+        - name: config
+          mountPath: /config
+        - name: conf
+          subPath: {{ .this.instance.name }}
+          mountPath: /instance
+
+      volumes:
+      {{- include "nplus.defaultVolumes" . | nindent 6 }}
+      - name: config
+        configMap:
+          name: {{ .component.fullName }}-config
+          defaultMode: 0777
+
+      restartPolicy: Never
+  backoffLimit: 0
+
--- a/charts/prepper/templates/networkpolicy.tpl
+++ b/charts/prepper/templates/networkpolicy.tpl
@@ -0,0 +1,38 @@
+{{- include "nplus.init" $ -}}
+{{- if ((.this.security).cni).createNetworkPolicy }}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ .component.fullName }}
+  {{- if .this.utils.includeNamespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "nplus.instanceLabels" . | nindent 4 }}
+  annotations:
+    {{- include "nplus.argoWave" . | nindent 4 }}
+    {{- include "nplus.annotations" . | nindent 4 }}
+    {{- include "nplus.securityAnnotations" . | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+    {{- include "nplus.selectorLabels" . | nindent 6 }}
+
+  policyTypes:
+  - Egress
+
+  egress:
+  - ports:
+    # -- Allow https access for downloading
+    - protocol: TCP
+      port: 443
+    # -- Allow http access for downloading
+    - protocol: TCP
+      port: 80
+    # -- Allow access to DNS
+    - protocol: TCP
+      port: 53
+    # -- Allow access to DNS
+    - protocol: UDP
+      port: 53
+{{- end }}