diff --git a/Makefile b/Makefile index 36791d7..aec52ce 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,9 @@ lint: ## Generate README ## https://github.com/norwoodj/helm-docs docs: - @docker run --rm --volume "$$(pwd):/helm-docs" jnorwood/helm-docs:v1.12.0 --template-files ./README.md.gotmpl + @for dir in ./charts/* ; do \ + docker run --rm --volume "$$(pwd)/$${dir}:/helm-docs/$${dir}" jnorwood/helm-docs:v1.12.0 --template-files "$${dir}/README.md.gotmpl" ;\ + done .PHONY: schema ## Generate values JSON schema diff --git a/charts/contentserver/.helmignore b/charts/contentserver/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/contentserver/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/contentserver/Chart.yaml b/charts/contentserver/Chart.yaml new file mode 100644 index 0000000..e1bdebb --- /dev/null +++ b/charts/contentserver/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +type: application +name: contentserver +description: Helm chart for the foomo Content Server. +icon: https://avatars.githubusercontent.com/u/889755?s=200&v=4 +home: https://www.foomo.org +keywords: + - foomo + - foomo-contentserver +sources: + - https://github.com/foomo/helm-charts + - https://github.com/foomo/contentserver +annotations: + "artifacthub.io/links": | + - name: Chart Source + url: https://github.com/foomo/helm-charts + - name: Image Source + url: https://github.com/foomo/contentserver + +version: 0.0.1 +appVersion: 1.10.2 diff --git a/charts/contentserver/README.md b/charts/contentserver/README.md new file mode 100644 index 0000000..793e233 --- /dev/null +++ b/charts/contentserver/README.md @@ -0,0 +1,109 @@ +# contentserver + +![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.10.2](https://img.shields.io/badge/AppVersion-1.10.2-informational?style=flat-square) + +Helm chart for the foomo Content Server. + +**Homepage:** + +## Resources + +- [Source](https://github.com/foomo/helm-charts) +- [GTM Changelog](https://developers.google.com/tag-platform/tag-manager/server-side/release-notes) + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| contentserver.affinity | object | `{}` | Affinity settings for pods. | +| contentserver.autoscaling.behavior.enabled | bool | `false` | Enable autoscaling behaviours | +| contentserver.autoscaling.behavior.scaleDown | object | `{}` | Scale down policies, must conform to HPAScalingRules | +| contentserver.autoscaling.behavior.scaleUp | object | `{}` | Scale up policies, must conform to HPAScalingRules | +| contentserver.autoscaling.customMetrics | list | `[]` | Custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) | +| contentserver.autoscaling.enabled | bool | `false` | Enable autoscaling | +| contentserver.autoscaling.maxReplicas | int | `100` | Maximum autoscaling replicas | +| contentserver.autoscaling.minReplicas | int | `1` | Minimum autoscaling replicas | +| contentserver.autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilisation percentage | +| contentserver.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target memory utilisation percentage | +| contentserver.dnsConfig | object | `{}` | DNSConfig settings for pods. | +| contentserver.extraArgs | list | `[]` | Arguements to add | +| contentserver.extraEnv | list | `[]` | Environment variables to add | +| contentserver.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add | +| contentserver.extraPorts | list | `[]` | Port definitions to add | +| contentserver.extraVolumeMounts | list | `[]` | Volume mounts to add | +| contentserver.extraVolumes | list | `[]` | Volumes to add | +| contentserver.hostAliases | list | `[]` | Host aliases to add | +| contentserver.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | +| contentserver.image.repository | string | `"foomo/contentserver"` | The image repository | +| contentserver.image.tag | string | `"1.10.2"` | The image tag | +| contentserver.imagePullSecrets | list | `[]` | Image pull secrets | +| contentserver.livenessProbe | object | `{"tcpSocket":{"port":8080}}` | Liveness probe settings for pods. | +| contentserver.maxUnavailable | string | `nil` | Pod Disruption Budget maxUnavailable | +| contentserver.nodeSelector | object | `{}` | Tolerations settings for pods. | +| contentserver.podAnnotations | object | `{}` | Annotations for pods | +| contentserver.podLabels | object | `{}` | Labels for pods | +| contentserver.podSecurityContext | object | `{}` | The SecurityContext for pods | +| contentserver.readinessProbe | object | `{"tcpSocket":{"port":8080}}` | Readiness probe settings for pods. | +| contentserver.replicaCount | int | `1` | Number of replicas | +| contentserver.resources | object | `{}` | Resource request & limits. | +| contentserver.roll | bool | `false` | Always roll your deployment | +| contentserver.securityContext | object | `{}` | | +| contentserver.service.annotations | object | `{}` | Annotations for the service | +| contentserver.service.labels | object | `{}` | Labels for service | +| contentserver.service.port | int | `8080` | Port of the service | +| contentserver.service.type | string | `"ClusterIP"` | Type of the service | +| contentserver.startupProbe | object | `{"tcpSocket":{"port":8080}}` | Startup probe settings for pods. | +| contentserver.tolerations | list | `[]` | Tolerations settings for pods. | +| fullnameOverride | string | `""` | Overrides the chart's computed fullname | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0] | string | `"example.com"` | | +| ingress.paths.contentserver[0].path | string | `"/contentserver"` | | +| ingress.paths.contentserver[0].pathType | string | `"Prefix"` | | +| ingress.paths.contentserver[0].port | int | `8080` | | +| ingress.tls | list | `[]` | | +| nameOverride | string | `""` | Overrides the chart's name | +| namespaceOverride | string | `""` | The name of the Namespace to deploy If not set, `.Release.Namespace` is used | +| networkPolicy.discovery.namespaceSelector | object | `{}` | Specifies the namespace the discovery Pods are running in | +| networkPolicy.discovery.podSelector | object | `{}` | Specifies the Pods labels used for discovery. As this is cross-namespace communication, you also need the namespaceSelector. | +| networkPolicy.discovery.port | string | `nil` | Specify the port used for discovery | +| networkPolicy.enabled | bool | `false` | Specifies whether Network Policies should be created | +| networkPolicy.externalStorage.cidrs | list | `[]` | Specifies specific network CIDRs you want to limit access to | +| networkPolicy.externalStorage.ports | list | `[]` | Specify the port used for external storage, e.g. AWS S3 | +| networkPolicy.ingress.namespaceSelector | object | `{}` | Specifies the namespaces which are allowed to access the http port | +| networkPolicy.ingress.podSelector | object | `{}` | Specifies the Pods which are allowed to access the http port. As this is cross-namespace communication, you also need the namespaceSelector. | +| networkPolicy.metrics.cidrs | list | `[]` | Specifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes. | +| networkPolicy.metrics.namespaceSelector | object | `{}` | Specifies the namespaces which are allowed to access the metrics port | +| networkPolicy.metrics.podSelector | object | `{}` | Specifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also need the namespaceSelector. | +| persistence.accessModes | list | `["ReadWriteOnce"]` | Access modes for the PVC | +| persistence.annotations | object | `{}` | Annotations for the PVC | +| persistence.enabled | bool | `false` | Enable persistent storage | +| persistence.labels | object | `{}` | Labels for the PVC | +| persistence.path | string | `"/var/lib/contentserver"` | - File storage location | +| persistence.size | string | `"1Gi"` | Storage size | +| persistence.storageClass | string | `""` | - Storage class to be used | +| rbac.enabled | bool | `false` | Create PodSecurityPolicy. | +| repository.poll | bool | `false` | - If true, the address arg will be used to periodically poll the content url e.g. http://contentserverexport:8080/poll-revision | +| repository.timeout | string | `"2m"` | - Timeout duration for the contentserver | +| repository.url | string | `""` | Repository server url e.g. http://contentserverexport:8080 | +| revisionHistoryLimit | int | `10` | Number of revisions to retain to allow rollback | +| server.address | string | `":8080"` | - Address to bind web server host:port, when empty no webserver will be spawned | +| server.path | string | `"/contentserver"` | Path to export the webserver on - useful when behind a proxy e.g. /contentserver | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | +| serviceMonitor.annotations | object | `{}` | ServiceMonitor annotations | +| serviceMonitor.enabled | bool | `false` | If enabled, ServiceMonitor resources for Prometheus Operator are created | +| serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval | +| serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | +| serviceMonitor.matchExpressions | list | `[]` | Optional expressions to match on | +| serviceMonitor.metricRelabelings | list | `[]` | ServiceMonitor metric relabel configs to apply to samples before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint | +| serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources | +| serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources | +| serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig | +| serviceMonitor.scheme | string | `"http"` | ServiceMonitor will use http by default, but you can pick https as well | +| serviceMonitor.scrapeTimeout | string | `nil` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | +| serviceMonitor.targetLabels | list | `[]` | | +| serviceMonitor.tlsConfig | string | `nil` | ServiceMonitor will use these tlsConfig settings to make the health check requests | diff --git a/charts/contentserver/README.md.gotmpl b/charts/contentserver/README.md.gotmpl new file mode 100644 index 0000000..1d0c182 --- /dev/null +++ b/charts/contentserver/README.md.gotmpl @@ -0,0 +1,19 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +## Resources + +- [Source](https://github.com/foomo/helm-charts) +- [GTM Changelog](https://developers.google.com/tag-platform/tag-manager/server-side/release-notes) + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/contentserver/templates/_helpers.tpl b/charts/contentserver/templates/_helpers.tpl new file mode 100644 index 0000000..75f7e59 --- /dev/null +++ b/charts/contentserver/templates/_helpers.tpl @@ -0,0 +1,69 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "contentserver.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "contentserver.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "contentserver.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "contentserver.labels" -}} +helm.sh/chart: {{ include "contentserver.chart" . }} +{{ include "contentserver.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "contentserver.selectorLabels" -}} +app.kubernetes.io/name: {{ include "contentserver.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "contentserver.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "contentserver.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the name of the namespace +*/}} +{{- define "contentserver.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride }} +{{- end }} diff --git a/charts/contentserver/templates/contentserver/_helpers.tpl b/charts/contentserver/templates/contentserver/_helpers.tpl new file mode 100644 index 0000000..876c61b --- /dev/null +++ b/charts/contentserver/templates/contentserver/_helpers.tpl @@ -0,0 +1,20 @@ +{{/* +default fullname +*/}} +{{- define "contentserver.contentserver.fullname" -}} +{{ include "contentserver.fullname" . }} +{{- end }} + +{{/* +default common labels +*/}} +{{- define "contentserver.contentserver.labels" -}} +{{ include "contentserver.labels" . }} +{{- end }} + +{{/* +default selector labels +*/}} +{{- define "contentserver.contentserver.selectorLabels" -}} +{{ include "contentserver.selectorLabels" . }} +{{- end }} diff --git a/charts/contentserver/templates/contentserver/deployment.yaml b/charts/contentserver/templates/contentserver/deployment.yaml new file mode 100644 index 0000000..45ba483 --- /dev/null +++ b/charts/contentserver/templates/contentserver/deployment.yaml @@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "contentserver.contentserver.fullname" . }} + labels: + {{- include "contentserver.contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + {{- if not .Values.contentserver.autoscaling.enabled }} + replicas: {{ .Values.contentserver.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "contentserver.contentserver.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "contentserver.contentserver.labels" . | nindent 8 }} + {{- with .Values.contentserver.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contentserver.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "contentserver.serviceAccountName" . }} + {{- with .Values.contentserver.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contentserver.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contentserver.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: contentserver + {{- with .Values.contentserver.image }} + image: "{{ .repository }}:{{ .tag }}" + imagePullPolicy: {{ .pullPolicy }} + {{- end }} + {{- with .Values.contentserver.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.contentserver.service.port }} + protocol: TCP + args: + - -var-dir + - {{ .Values.persistence.path }} + {{- if .Values.server.address }} + - -webserver-address + - {{ .Values.server.address }} + - -webserver-path + - {{ .Values.server.path }} + {{- end }} + {{- if .Values.repository.poll }} + - -poll + {{- end }} + - -repository-timeout-duration + - {{ .Values.repository.timeout }} + {{- with .Values.contentserver.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + - {{ .Values.repository.url }} + env: + {{- with .Values.contentserver.extraEnv }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.contentserver.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + readinessProbe: + {{- toYaml .Values.contentserver.readinessProbe | nindent 12 }} + livenessProbe: + {{- toYaml .Values.contentserver.livenessProbe | nindent 12 }} + {{- with .Values.contentserver.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.contentserver.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.persistence.enabled }} + - name: storage + persistentVolumeClaim: + claimName: {{ include "contentserver.contentserver.fullname" . }} + readOnly: false + {{- end }} + {{- with .Values.contentserver.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contentserver.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contentserver.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contentserver.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.contentserver.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/contentserver/templates/contentserver/hpa.yaml b/charts/contentserver/templates/contentserver/hpa.yaml new file mode 100644 index 0000000..4c6596f --- /dev/null +++ b/charts/contentserver/templates/contentserver/hpa.yaml @@ -0,0 +1,45 @@ +{{- if .Values.contentserver.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "contentserver.contentserver.fullname" . }} + labels: + {{- include "contentserver.contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "contentserver.contentserver.fullname" . }} + minReplicas: {{ .Values.contentserver.autoscaling.minReplicas }} + maxReplicas: {{ .Values.contentserver.autoscaling.maxReplicas }} + metrics: + {{- if .Values.contentserver.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.contentserver.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.contentserver.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.contentserver.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- with .Values.contentserver.autoscaling.customMetrics }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.contentserver.autoscaling.behavior.enabled }} + behavior: + {{- with .Values.contentserver.autoscaling.behavior.scaleDown }} + scaleDown: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.contentserver.autoscaling.behavior.scaleUp }} + scaleUp: {{ toYaml . | nindent 6 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/contentserver/templates/contentserver/persistentvolumeclaim.yaml b/charts/contentserver/templates/contentserver/persistentvolumeclaim.yaml new file mode 100644 index 0000000..0cfaeae --- /dev/null +++ b/charts/contentserver/templates/contentserver/persistentvolumeclaim.yaml @@ -0,0 +1,23 @@ +{{- if .Values.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "contentserver.contentserver.fullname" . }} + labels: + {{- include "contentserver.contentserver.labels" . | nindent 4 }} + {{- with .Values.persistence.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.persistence.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ include "contentserver.namespace" . }} +spec: + accessModes: + {{- .Values.persistence.accessModes | toYaml | nindent 4 }} + storageClassName: {{ .Values.persistence.storageClass }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end }} diff --git a/charts/contentserver/templates/contentserver/poddisruptionbudget.yaml b/charts/contentserver/templates/contentserver/poddisruptionbudget.yaml new file mode 100644 index 0000000..844acaf --- /dev/null +++ b/charts/contentserver/templates/contentserver/poddisruptionbudget.yaml @@ -0,0 +1,16 @@ +{{- if gt (int .Values.contentserver.replicaCount) 1 }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "contentserver.contentserver.fullname" . }} + labels: + {{- include "contentserver.contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + selector: + matchLabels: + {{- include "contentserver.contentserver.selectorLabels" . | nindent 6 }} + {{- with .Values.contentserver.maxUnavailable }} + maxUnavailable: {{ . }} + {{- end }} +{{- end }} diff --git a/charts/contentserver/templates/contentserver/service.yaml b/charts/contentserver/templates/contentserver/service.yaml new file mode 100644 index 0000000..1568972 --- /dev/null +++ b/charts/contentserver/templates/contentserver/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "contentserver.contentserver.fullname" . }} + labels: + {{- include "contentserver.contentserver.labels" . | nindent 4 }} + {{- with .Values.contentserver.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ include "contentserver.namespace" . }} +spec: + type: {{ .Values.contentserver.service.type }} + ports: + - name: http + port: {{ .Values.contentserver.service.port }} + targetPort: http + selector: + {{- include "contentserver.contentserver.selectorLabels" . | nindent 4 }} diff --git a/charts/contentserver/templates/contentserver/servicemonitor.yaml b/charts/contentserver/templates/contentserver/servicemonitor.yaml new file mode 100644 index 0000000..6879a26 --- /dev/null +++ b/charts/contentserver/templates/contentserver/servicemonitor.yaml @@ -0,0 +1,61 @@ +{{- if .Values.serviceMonitor.enabled }} +{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1"}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "contentserver.contentserver.fullname" $ }} + {{- with .Values.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "contentserver.contentserver.labels" $ | nindent 4 }} + {{- with .Values.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- else }} + namespace: {{ include "contentserver.namespace" . }} + {{- end }} +spec: + {{- with .Values.serviceMonitor.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "contentserver.contentserver.selectorLabels" $ | nindent 6 }} + {{- with .Values.serviceMonitor.matchExpressions }} + matchExpressions: + {{- toYaml . | nindent 6 }} + {{- end }} + endpoints: + - port: http + {{- with .Values.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.serviceMonitor.targetLabels }} + targetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/contentserver/templates/contentserver/validate.yaml b/charts/contentserver/templates/contentserver/validate.yaml new file mode 100644 index 0000000..3eb37bf --- /dev/null +++ b/charts/contentserver/templates/contentserver/validate.yaml @@ -0,0 +1,3 @@ +{{- if and (gt (int .Values.contentserver.replicaCount) 1) (kindIs "invalid" .Values.contentserver.maxUnavailable)}} +{{- fail "`.Values.preview.maxUnavailable` must be set when `.Values.preview.replicas` is greater than 1." }} +{{- end }} diff --git a/charts/contentserver/templates/ingress.yaml b/charts/contentserver/templates/ingress.yaml new file mode 100644 index 0000000..7472b02 --- /dev/null +++ b/charts/contentserver/templates/ingress.yaml @@ -0,0 +1,39 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "contentserver.fullname" . -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "contentserver.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ include "contentserver.namespace" . }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + {{- range $svcName, $paths := $.Values.ingress.paths }} + {{- range $paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ include "contentserver.fullname" $ }}-{{ $svcName }} + port: + number: {{ .port }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.ingress.tls }} + tls: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/contentserver/templates/networkpolicy.yaml b/charts/contentserver/templates/networkpolicy.yaml new file mode 100644 index 0000000..0e198f0 --- /dev/null +++ b/charts/contentserver/templates/networkpolicy.yaml @@ -0,0 +1,171 @@ +{{- if .Values.networkPolicy.enabled }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "contentserver.name" . }}-namespace-only + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + policyTypes: + - Ingress + - Egress + podSelector: {} + egress: + - to: + - podSelector: {} + ingress: + - from: + - podSelector: {} + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "contentserver.name" . }}-egress-dns + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + policyTypes: + - Egress + podSelector: + matchLabels: + {{- include "contentserver.selectorLabels" . | nindent 6 }} + egress: + - ports: + - port: 53 + protocol: UDP + to: + - namespaceSelector: {} + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "contentserver.name" . }}-ingress + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + policyTypes: + - Ingress + podSelector: + matchExpressions: + - key: app.kubernetes.io/component + operator: In + values: + - gtm-preview + - gtm-tagging + matchLabels: + {{- include "contentserver.selectorLabels" . | nindent 6 }} + ingress: + - ports: + - port: http + protocol: TCP + {{- if .Values.networkPolicy.ingress.namespaceSelector }} + from: + - namespaceSelector: + {{- toYaml .Values.networkPolicy.ingress.namespaceSelector | nindent 12 }} + {{- if .Values.networkPolicy.ingress.podSelector }} + podSelector: + {{- toYaml .Values.networkPolicy.ingress.podSelector | nindent 12 }} + {{- end }} + {{- end }} + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "contentserver.name" . }}-ingress-metrics + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + policyTypes: + - Ingress + podSelector: + matchLabels: + {{- include "contentserver.selectorLabels" . | nindent 6 }} + ingress: + - ports: + - port: http-metrics + protocol: TCP + {{- if .Values.networkPolicy.metrics.cidrs }} + from: + {{- range $cidr := .Values.networkPolicy.metrics.cidrs }} + - ipBlock: + cidr: {{ $cidr }} + {{- end }} + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + - namespaceSelector: + {{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 12 }} + {{- if .Values.networkPolicy.metrics.podSelector }} + podSelector: + {{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 12 }} + {{- end }} + {{- end }} + {{- end }} + +{{- if .Values.networkPolicy.externalStorage.ports }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "contentserver.name" . }}-egress-external-storage + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + policyTypes: + - Egress + podSelector: + matchLabels: + {{- include "contentserver.selectorLabels" . | nindent 6 }} + egress: + - ports: + {{- range $port := .Values.networkPolicy.externalStorage.ports }} + - port: {{ $port }} + protocol: TCP + {{- end }} + {{- if .Values.networkPolicy.externalStorage.cidrs }} + to: + {{- range $cidr := .Values.networkPolicy.externalStorage.cidrs }} + - ipBlock: + cidr: {{ $cidr }} + {{- end }} + {{- end }} +{{- end }} + +{{- end }} + +{{- if .Values.networkPolicy.discovery.port }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "contentserver.name" . }}-egress-discovery + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + policyTypes: + - Egress + podSelector: + matchLabels: + {{- include "contentserver.selectorLabels" . | nindent 6 }} + egress: + - ports: + - port: {{ .Values.networkPolicy.discovery.port }} + protocol: TCP + {{- if .Values.networkPolicy.discovery.namespaceSelector }} + to: + - namespaceSelector: + {{- toYaml .Values.networkPolicy.discovery.namespaceSelector | nindent 12 }} + {{- if .Values.networkPolicy.discovery.podSelector }} + podSelector: + {{- toYaml .Values.networkPolicy.discovery.podSelector | nindent 12 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/contentserver/templates/podsecuritypolicy.yaml b/charts/contentserver/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000..c144974 --- /dev/null +++ b/charts/contentserver/templates/podsecuritypolicy.yaml @@ -0,0 +1,39 @@ +{{- if .Values.rbac.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "contentserver.fullname" . }} + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'configMap' + - 'emptyDir' + - 'persistentVolumeClaim' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL +{{- end }} +{{- end }} diff --git a/charts/contentserver/templates/role.yaml b/charts/contentserver/templates/role.yaml new file mode 100644 index 0000000..ed1528f --- /dev/null +++ b/charts/contentserver/templates/role.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "contentserver.fullname" . }} + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +rules: + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - {{ include "contentserver.fullname" . }} +{{- end }} diff --git a/charts/contentserver/templates/rolebinding.yaml b/charts/contentserver/templates/rolebinding.yaml new file mode 100644 index 0000000..eba03d6 --- /dev/null +++ b/charts/contentserver/templates/rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "contentserver.fullname" . }} + labels: + {{- include "contentserver.labels" . | nindent 4 }} + namespace: {{ include "contentserver.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "contentserver.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "contentserver.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/contentserver/templates/serviceaccount.yaml b/charts/contentserver/templates/serviceaccount.yaml new file mode 100644 index 0000000..1be4f26 --- /dev/null +++ b/charts/contentserver/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "contentserver.serviceAccountName" . }} + labels: + {{- include "contentserver.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ include "contentserver.namespace" . }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/charts/contentserver/values.schema.json b/charts/contentserver/values.schema.json new file mode 100644 index 0000000..275dcc2 --- /dev/null +++ b/charts/contentserver/values.schema.json @@ -0,0 +1,416 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "contentserver": { + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "behavior": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "scaleDown": { + "type": "object" + }, + "scaleUp": { + "type": "object" + } + } + }, + "customMetrics": { + "type": "array" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "null" + } + } + }, + "dnsConfig": { + "type": "object" + }, + "extraArgs": { + "type": "array" + }, + "extraEnv": { + "type": "array" + }, + "extraEnvFrom": { + "type": "array" + }, + "extraPorts": { + "type": "array" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "hostAliases": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "imagePullSecrets": { + "type": "array" + }, + "livenessProbe": { + "type": "object", + "properties": { + "tcpSocket": { + "type": "object", + "properties": { + "port": { + "type": "integer" + } + } + } + } + }, + "maxUnavailable": { + "type": "null" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object" + }, + "readinessProbe": { + "type": "object", + "properties": { + "tcpSocket": { + "type": "object", + "properties": { + "port": { + "type": "integer" + } + } + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "roll": { + "type": "boolean" + }, + "securityContext": { + "type": "object" + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "labels": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "type": { + "type": "string" + } + } + }, + "startupProbe": { + "type": "object", + "properties": { + "tcpSocket": { + "type": "object", + "properties": { + "port": { + "type": "integer" + } + } + } + } + }, + "tolerations": { + "type": "array" + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "className": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hosts": { + "type": "array", + "items": { + "type": "string" + } + }, + "paths": { + "type": "object", + "properties": { + "contentserver": { + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "pathType": { + "type": "string" + }, + "port": { + "type": "integer" + } + } + } + } + } + }, + "tls": { + "type": "array" + } + } + }, + "nameOverride": { + "type": "string" + }, + "namespaceOverride": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "discovery": { + "type": "object", + "properties": { + "namespaceSelector": { + "type": "object" + }, + "podSelector": { + "type": "object" + }, + "port": { + "type": "null" + } + } + }, + "enabled": { + "type": "boolean" + }, + "externalStorage": { + "type": "object", + "properties": { + "cidrs": { + "type": "array" + }, + "ports": { + "type": "array" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "namespaceSelector": { + "type": "object" + }, + "podSelector": { + "type": "object" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "cidrs": { + "type": "array" + }, + "namespaceSelector": { + "type": "object" + }, + "podSelector": { + "type": "object" + } + } + } + } + }, + "persistence": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "labels": { + "type": "object" + }, + "path": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": "string" + } + } + }, + "rbac": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "repository": { + "type": "object", + "properties": { + "poll": { + "type": "boolean" + }, + "timeout": { + "type": "string" + }, + "url": { + "type": "string" + } + } + }, + "revisionHistoryLimit": { + "type": "integer" + }, + "server": { + "type": "object", + "properties": { + "address": { + "type": "string" + }, + "path": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "automount": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "serviceMonitor": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "interval": { + "type": "null" + }, + "labels": { + "type": "object" + }, + "matchExpressions": { + "type": "array" + }, + "metricRelabelings": { + "type": "array" + }, + "namespace": { + "type": "null" + }, + "namespaceSelector": { + "type": "object" + }, + "relabelings": { + "type": "array" + }, + "scheme": { + "type": "string" + }, + "scrapeTimeout": { + "type": "null" + }, + "targetLabels": { + "type": "array" + }, + "tlsConfig": { + "type": "null" + } + } + } + } +} diff --git a/charts/contentserver/values.yaml b/charts/contentserver/values.yaml new file mode 100644 index 0000000..519b30d --- /dev/null +++ b/charts/contentserver/values.yaml @@ -0,0 +1,269 @@ +# -- Overrides the chart's name +nameOverride: "" +# -- Overrides the chart's computed fullname +fullnameOverride: "" +# -- The name of the Namespace to deploy +# If not set, `.Release.Namespace` is used +namespaceOverride: '' + +# -- Number of revisions to retain to allow rollback +revisionHistoryLimit: 10 + +# Server configuration +server: + # --- Address to bind web server host:port, when empty no webserver will be spawned + address: ':8080' + # -- Path to export the webserver on - useful when behind a proxy e.g. /contentserver + path: '/contentserver' +# Repository configuration +repository: + # --- If true, the address arg will be used to periodically poll the content url e.g. http://contentserverexport:8080/poll-revision + poll: false + # -- Repository server url e.g. http://contentserverexport:8080 + url: '' + # --- Timeout duration for the contentserver + timeout: '2m' + + +# Persistence storage settings +persistence: + # -- Enable persistent storage + enabled: false + # --- Storage class to be used + storageClass: '' + # --- File storage location + path: '/var/lib/contentserver' + # -- Labels for the PVC + labels: {} + # -- Annotations for the PVC + annotations: {} + # -- Access modes for the PVC + accessModes: + - ReadWriteOnce + # -- Storage size + size: 1Gi + +# Content Server +contentserver: + # Your custom collect image + image: + # -- The image repository + repository: 'foomo/contentserver' + # -- The image pull policy + pullPolicy: IfNotPresent + # -- The image tag + tag: '1.10.2' + # -- Always roll your deployment + roll: false + # -- Number of replicas + replicaCount: 1 + # -- Pod Disruption Budget maxUnavailable + maxUnavailable: null + # -- Host aliases to add + hostAliases: [] + # - ip: 1.2.3.4 + # hostnames: + # - domain.tld + # -- Image pull secrets + imagePullSecrets: [] + # -- Annotations for pods + podAnnotations: {} + # -- Labels for pods + podLabels: {} + # -- The SecurityContext for pods + podSecurityContext: {} + # fsGroup: 2000 + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + service: + # -- Port of the service + port: 8080 + # -- Type of the service + type: ClusterIP + # -- Annotations for the service + annotations: {} + # -- Labels for service + labels: {} + # -- Resource request & limits. + resources: {} + # requests: + # cpu: 100m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + # -- Startup probe settings for pods. + startupProbe: + tcpSocket: + port: 8080 + # -- Readiness probe settings for pods. + readinessProbe: + tcpSocket: + port: 8080 + # -- Liveness probe settings for pods. + livenessProbe: + tcpSocket: + port: 8080 + autoscaling: + # -- Enable autoscaling + enabled: false + # -- Minimum autoscaling replicas + minReplicas: 1 + # -- Maximum autoscaling replicas + maxReplicas: 100 + # -- Target CPU utilisation percentage + targetCPUUtilizationPercentage: 80 + # -- Target memory utilisation percentage + targetMemoryUtilizationPercentage: null + # -- Custom metrics using the HPA/v2 schema (for example, Pods, Object or External metrics) + customMetrics: [] + # - type: Pods + # pods: + # metric: + # name: loki_lines_total + # target: + # type: AverageValue + # averageValue: 10k + behavior: + # -- Enable autoscaling behaviours + enabled: false + # -- Scale down policies, must conform to HPAScalingRules + scaleDown: {} + # -- Scale up policies, must conform to HPAScalingRules + scaleUp: {} + # -- Environment variables to add + extraEnv: [] + # -- Arguements to add + extraArgs: [] + # -- Port definitions to add + extraPorts: [] + # -- Environment variables from secrets or configmaps to add + extraEnvFrom: [] + # -- Volume mounts to add + extraVolumeMounts: [] + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true + # -- Volumes to add + extraVolumes: [] + # - name: foo + # secret: + # secretName: mysecret + # optional: false + # -- Tolerations settings for pods. + nodeSelector: {} + # -- Tolerations settings for pods. + tolerations: [] + # -- Affinity settings for pods. + affinity: {} + # -- DNSConfig settings for pods. + dnsConfig: {} + +# Ingress configuration +ingress: + enabled: false + className: "" + annotations: {} + paths: + contentserver: + - path: /contentserver + pathType: Prefix + port: 8080 + hosts: + - example.com + tls: [] + # - secretName: example-com-tls + # hosts: + # - example.com + +# ServiceAccount configuration +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Automatically mount a ServiceAccount's API credentials? + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # -- If not set and create is true, a name is generated using the fullname template + name: "" + +# ServiceMonitor configuration +serviceMonitor: + # -- If enabled, ServiceMonitor resources for Prometheus Operator are created + enabled: false + # -- Alternative namespace for ServiceMonitor resources + namespace: null + # -- Namespace selector for ServiceMonitor resources + namespaceSelector: {} + # -- Optional expressions to match on + matchExpressions: [] + # - key: prometheus.io/service-monitor + # operator: NotIn + # values: + # - "false" + # -- ServiceMonitor annotations + annotations: {} + # -- Additional ServiceMonitor labels + labels: {} + # -- ServiceMonitor scrape interval + interval: null + # -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s) + scrapeTimeout: null + # -- ServiceMonitor relabel configs to apply to samples before scraping + # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + relabelings: [] + # -- ServiceMonitor metric relabel configs to apply to samples before ingestion + # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + metricRelabelings: [] + ##ServiceMonitor will add labels from the service to the Prometheus metric + # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec + targetLabels: [] + # -- ServiceMonitor will use http by default, but you can pick https as well + scheme: http + # -- ServiceMonitor will use these tlsConfig settings to make the health check requests + tlsConfig: null + +# NetworkPolicy configuration +networkPolicy: + # -- Specifies whether Network Policies should be created + enabled: false + metrics: + # -- Specifies the Pods which are allowed to access the metrics port. + # As this is cross-namespace communication, you also need the namespaceSelector. + podSelector: {} + # -- Specifies the namespaces which are allowed to access the metrics port + namespaceSelector: {} + # -- Specifies specific network CIDRs which are allowed to access the metrics port. + # In case you use namespaceSelector, you also have to specify your kubelet networks here. + # The metrics ports are also used for probes. + cidrs: [] + ingress: + # -- Specifies the Pods which are allowed to access the http port. + # As this is cross-namespace communication, you also need the namespaceSelector. + podSelector: {} + # -- Specifies the namespaces which are allowed to access the http port + namespaceSelector: {} + externalStorage: + # -- Specify the port used for external storage, e.g. AWS S3 + ports: [] + # -- Specifies specific network CIDRs you want to limit access to + cidrs: [] + discovery: + # -- Specify the port used for discovery + port: null + # -- Specifies the Pods labels used for discovery. + # As this is cross-namespace communication, you also need the namespaceSelector. + podSelector: {} + # -- Specifies the namespace the discovery Pods are running in + namespaceSelector: {} + +# RBAC configuration +rbac: + # -- Create PodSecurityPolicy. + enabled: false diff --git a/charts/csp-reporter/README.md b/charts/csp-reporter/README.md index f219aa5..1e87f02 100644 --- a/charts/csp-reporter/README.md +++ b/charts/csp-reporter/README.md @@ -45,6 +45,3 @@ Content Security Policy Reporter | serviceAccount.create | bool | `false` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/charts/csp-reporter/README.md.gotmpl b/charts/csp-reporter/README.md.gotmpl index a3a5a26..9174c35 100644 --- a/charts/csp-reporter/README.md.gotmpl +++ b/charts/csp-reporter/README.md.gotmpl @@ -1,9 +1,16 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} +{{ template "chart.badgesSection" . }} {{ template "chart.description" . }} +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + {{ template "chart.sourcesSection" . }} {{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/sesamy-gtm/Chart.yaml b/charts/sesamy-gtm/Chart.yaml index 13a1baf..113e9ec 100644 --- a/charts/sesamy-gtm/Chart.yaml +++ b/charts/sesamy-gtm/Chart.yaml @@ -13,6 +13,8 @@ annotations: "artifacthub.io/links": | - name: Chart Source url: https://github.com/foomo/helm-charts + - name: GTM Changelog + url: https://developers.google.com/tag-platform/tag-manager/server-side/release-notes version: 0.0.3 appVersion: 2.3.0 diff --git a/charts/sesamy-gtm/README.md b/charts/sesamy-gtm/README.md index 3a126fe..9752805 100644 --- a/charts/sesamy-gtm/README.md +++ b/charts/sesamy-gtm/README.md @@ -6,9 +6,10 @@ Helm chart for the Sesamy GTM tagging & preview service. **Homepage:** -## Source Code +## Resources -* +- [Source](https://github.com/foomo/helm-charts) +- [GTM Changelog](https://developers.google.com/tag-platform/tag-manager/server-side/release-notes) ## Values @@ -188,6 +189,3 @@ Helm chart for the Sesamy GTM tagging & preview service. | tagging.service.port | int | `8080` | Port of the service | | tagging.service.type | string | `"ClusterIP"` | Type of the service | | tagging.tolerations | list | `[]` | Tolerations settings for pods. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/charts/sesamy-gtm/README.md.gotmpl b/charts/sesamy-gtm/README.md.gotmpl index a3a5a26..1d0c182 100644 --- a/charts/sesamy-gtm/README.md.gotmpl +++ b/charts/sesamy-gtm/README.md.gotmpl @@ -1,9 +1,19 @@ {{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} +{{ template "chart.badgesSection" . }} {{ template "chart.description" . }} -{{ template "chart.sourcesSection" . }} +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +## Resources + +- [Source](https://github.com/foomo/helm-charts) +- [GTM Changelog](https://developers.google.com/tag-platform/tag-manager/server-side/release-notes) {{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }}