Merge branch 'main-source' of https://github.com/nflondo/partner-charts into main-source

pull/834/head
github-actions[bot] 2023-07-18 19:39:22 +00:00
commit 00da4e9333
115 changed files with 1 additions and 7534 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,9 +0,0 @@
dependencies:
- name: standard-defs
repository: https://btp-charts-stable.s3.amazonaws.com/charts/
version: 0.1.3
- name: sawtooth
repository: https://btp-charts-unstable.s3.amazonaws.com/charts/
version: 0.2.12
digest: sha256:780720dfac6408ac363acd252c6232b5a405368dda73dcbe3d2e208bbe0d75e8
generated: "2023-06-01T16:05:51.598742033-04:00"


@ -1,25 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Chronicle
catalog.cattle.io/release-name: chronicle
apiVersion: v2
appVersion: 0.7.3
dependencies:
- name: standard-defs
repository: https://btp-charts-stable.s3.amazonaws.com/charts/
version: ~0.1.0
- name: sawtooth
repository: https://btp-charts-unstable.s3.amazonaws.com/charts/
version: ~0.2.0
description: 'Chronicle is an open-source, blockchain-backed, domain-agnostic provenance
product. Chronicle makes it easy for users to record and query immutable provenance
information on a distributed ledger - about any asset, in any domain, and across
multiple parties. '
home: https://docs.btp.works/chronicle
icon: https://chronicle-resources.s3.amazonaws.com/icons/chronicle-transparent-bg-dark.png
keywords:
- provenance
- blockchain
name: chronicle
type: application
version: 0.1.18


@ -1,60 +0,0 @@
# Chronicle
| field | description | default |
|-|-|-|
| `imagePullSecrets.enabled`| if true use the list of named imagePullSecrets | false |
| `imagePullSecrets.value`| a list if named secret references of the form `- name: secretName`| [] |
| `image.repository` | the repository of the image | blockchaintp/chronicle |
| `image.tag`| the tag of the image to use | latest |
| `image.pullPolicy` | the image pull policy to use | IfNotPresent |
| `logLevel` | log level for chronicle | info |
| `webUi` | If true serve the graphql playground interface | false |
| `replicas` | number of Chronicle replicas to run | 1 |
| `affinity`| custom affinity rules for the chronicle pod | {} |
| `extraVolumes` | a list of additional volumes to add to chronicle | [] |
| `extraVolumeMounts` | a list of additional volume mounts to add to chronicle | [] |
| `port` | the port on which the chronicle service listens | 9982 |
| `serviceAccount.create` | true to create a service account | false |
| `serviceAccount.name` | name of the service account | nil (defaults to based on release name) |
| `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" |
| `ingress.enabled` | true to enable the ingress to the main service rest-api | false |
| `ingress.certManager` | true to enable the acme certmanager for this ingress | false |
| `ingress.hostname` | primary hostname for the ingress | false |
| `ingress.path` | path for the ingress's primary hostname | / |
| `ingress.pathType` | pathType for the ingress's primary hostname | nil |
| `ingress.annotations` | annotations for the ingress | {} |
| `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | false |
| `ingress.extraHosts` | list of extra hosts to add to the ingress | [] |
| `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] |
| `ingress.extraTls` | list of extra tls entries | [] |
| `ingress.hosts`| list of ingress host and path declarations for the chronicle ingress| [] |
| `sawtooth` | sawtooth options may be configured | see [Sawtooth](../sawtooth/README.md) |
| `tp.args` | a string of arguments to pass to the tp container| nil |
| `tp.image.pullPolicy` | the image pull policy | IfNotPresent |
| `tp.image.repository` | the image repository | blockchaintp/chronicle-tp |
| `tp.image.tag` | the image tag | BTP2.1.0 |
| `tp.extraVolumes` | extra volumes declarations for the chronicle-tp deployment | list | nil
| `tp.extraVolumeMounts` | extra volume mounts for chronicle-tp deployment | list | nil
| `tp.resources` | resources | map | nil |
| `tp.maxUnavailable` | maximum unavailable nodes during a rolling upgrade |
| `tp.minReadySeconds` | minimum time before node becomes available |
| `postgres.enabled` | if true create an internal postgres instance | boolean | true |
| `postgres.env` | postgres environment variables | map | N/A |
| `postgres.image.repository` | postgres image repository | string | "postgres" |
| `postgres.image.tag` | postgres image tag | string | "11" |
| `postgres.user` | user for the postgres database | string | "postgres" |
| `postgres.host` | host for the postgres database | string | "localhost" |
| `postgres.database` | database for the postgres database | string | "postgres" |
| `postgres.port` | port for the postgres database | int | 5432 |
| `postgres.password` | password for the postgres database | string | "postgres" |
| `postgres.existingPasswordSecret` | name of a secret containing the postgres password | string | nil |
| `postgres.existingPasswordSecret` | name of the key in a secret containing the postgres password | string | nil |
| `postgres.tls` | postgres TLS configuration | string | nil |
| `postgres.persistence` | postgres persistence settings | map | N/A |
| `postgres.persistence.enabled` | if true allocate a PVC for the postgres instance | boolean | false |
| `postgres.persistence.annotations` | any custom annotations to the postgres PVC's | map | {} |
| `postgres.persistence.accessModes` | postgres PVC access modes | list | [ "ReadWriteOnce" ] |
| `postgres.persistence.storageClass` | postgres PVC storageClass | string | nil |
| `postgres.persistence.size` | postgres PVC volume size | string | "40Gi" |
| `postgres.resources` | resources | map | nil |
| `resources` | resources | map | nil |


@ -1,12 +0,0 @@
Chronicle records provenance information of any physical or digital asset on a distributed ledger.
- Chronicle is available with Hyperledger Sawtooth as its default backing ledger.
- Chronicle is built on the established W3C PROV Ontology standard; it uses the lightweight JSON-LD linked data format, and the data query language GraphQL.
- Chronicle is easily adaptable to enable users to model, capture, and query provenance information pertinent to their industry, application and use case.
You can find example domains and further instructions at https://examples.btp.works
## *Important*
*As Chronicle uses Sawtooth as its backing ledger, a minimum of 4 nodes is required for deployment.*
*This helm chart will deploy and configure a 4 node Sawtooth network on your target cluster, so less than 4 nodes will result in the deployment failing.*


@ -1,25 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
tests/


@ -1,6 +0,0 @@
dependencies:
- name: standard-defs
repository: https://btp-charts-stable.s3.amazonaws.com/charts/
version: 0.1.2
digest: sha256:b072a3f7726bb97088f486103c12d3c8c01d81b31e72bd972b93fbd61f4adb85
generated: "2021-10-09T05:31:04.138943048Z"


@ -1,10 +0,0 @@
apiVersion: v2
appVersion: 1.2.5p4
dependencies:
- name: standard-defs
repository: https://btp-charts-stable.s3.amazonaws.com/charts/
version: ~0.1.0
description: BTP's Sawtooth distribution based on Hyperledger Sawtooth 1.2
name: sawtooth
type: application
version: 0.2.12


@ -1,96 +0,0 @@
# Sawtoooth
| field | description | default |
|-|-|-|
| `affinity.enabled` | false: no effect true: then validators will be deployed only to k8s nodes with the label `app={{ .sawtooth.networkName }}-validator` | false |
| `commonLabels` |
| `imagePullSecrets.enabled` | if true use the list of named imagePullSecrets | false |
| `imagePullSecrets.value` | a list if named secret references of the form ```- name: secretName```| [] |
| `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" |
| `ingress.enabled` | true to enable the ingress to the main service rest-api | false |
| `ingress.certManager` | true to enable the acme certmanager for this ingress | false |
| `ingress.hostname` | primary hostname for the ingress | false |
| `ingress.path` | path for the ingress's primary hostname | / |
| `ingress.pathType` | pathType for the ingress's primary hostname | nil |
| `ingress.annotations` | annotations for the ingress | {} |
| `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | false |
| `ingress.extraHosts` | list of extra hosts to add to the ingress | [] |
| `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] |
| `ingress.extraTls` | list of extra tls entries | [] |
| `pagerduty.enabled` | if true send pagerduty alerts | false |
| `pagerduty.token` | pagerduty user token | nil |
| `pagerduty.serviceid` | pagerduty serviceid | nil |
| `sawtooth.opentsdb.db` | name of the opentsdb database to be used | metrics |
| `sawtooth.opentsdb.url` | url of the opentsdb database to be used | nil |
| `sawtooth.opentsdb.enabled` | whether to enable the opentsdb metrics | false |
| `sawtooth.minReadySeconds` | the minimum time a pod must be Running before proceeding on a rolling update | 120 |
| `sawtooth.maxUnavailable` | maximum number of pods allowed down on a rollout or update | 1 |
| `sawtooth.containers.block_info.args` | extra args for block-info-tp | nil |
| `sawtooth.containers.identity_tp.args` | extra args for identity-tp | nil |
| `sawtooth.containers.rest_api.args` | extra args for rest-api | nil |
| `sawtooth.containers.settings_tp.args` | extra args for settings-tp | nil |
| `sawtooth.containers.validator.args` | extra args for validator | nil |
| `sawtooth.containers.validator.env` | list of environment name/value dicts | nil |
| `sawtooth.ports.sawnet` | port for the sawtooth validator network | 8800 |
| `sawtooth.ports.consensus` | port for the sawtooth consensus network | 5050 |
| `sawtooth.ports.sawcomp` | port for the sawtooth component network | 4004 |
| `sawtooth.ports.rest` | port for the sawtooth rest-api | 8008 |
| `sawtooth.livenessProbe.enabled` | whether to run the livenessProbe on the validator | false |
| `sawtooth.livenessProbe.initialDelaySeconds` | seconds to wait before running the liveness probe the first time | 300 |
| `sawtooth.livenessProbe.periodSeconds` | interval in seconds to re-run the liveness probe | 120 |
| `sawtooth.livenessProbe.active` | if false, the liveness probe will run and evaluate the the situation, but always return successfully | string | "false"
| `sawtooth.livenessProbe.exitSignals` | when restarting due to a livenessProbe failure, the validator pod has a "signal" system which will cause it to restart the named containers in this var | "block-info-tp" |
| `sawtooth.heartbeat.interval` | interval in seconds to issue a heartbeat | 300 |
| `sawtooth.permissioned` | Whether to run this chain as a permissioned chain or not | false |
| `sawtooth.namespace` | namespace to render these templates into (deprecated) | "prod" |
| `sawtooth.networkName` | name of this sawtooth network (deprecated) | "mynetwork" |
| `sawtooth.scheduler` | name of the sawtooth transaction scheduler to use | string | "serial"
| `sawtooth.consensus` | id of the the consensus algorithm to use< valid values: 100:DevMode, 200, PoET, 300 - Raft, 400, PBFT | int | 200
| `sawtooth.genesis.enabled` | If true, and the cluster is starting for the first time, then a node will be selected to create and submit the genesis block | true |
| `sawtooth.genesis.seed` | The seed is an arbitrary string which identifies a given genesis If the data of a given set of nodes is to be wiped out, change this value. | "9a2de774-90b5-11e9-9df0-87e889b0f1c9" |
| `sawtooth.dynamicPeering` | Dynamic Peering should default to false, since it is a bit unreliable | false |
| `sawtooth.externalSeeds` | a list of maps defining validator endpoints external to this deployment | [] |
| `sawtooth.seth.enabled` | enabled sawtooth-seth | false |
| `sawtooth.xo.enabled` | enabled sawtooth-xo-tp | false |
| `sawtooth.smallbank.enabled` | enabled sawtooth-smallbank-tp | false |
| `sawtooth.hostPathBaseDir` | all sawtooth hostPath directories will be based here | string | /var/lib/btp
| `sawtooth.client_wait` | arbitrary delay to validator client startup, such as the rest-api | 90 |
| `sawtooth.customTPs` | a list of [custom tp definitions](#custom-tp-definitions) | nil |
| `sawtooth.affinity` | custom affinity rules for the sawtooth validator deamonset | nil |
| `images` | a map containing all of the image urls used by this template| N/A |
## Images
| field | default |
|- |- |
| `images.devmode_engine` | blockchaintp/sawtooth-devmode-engine-rust:BTP2.1.0
| `images.pbft_engine` | blockchaintp/sawtooth-pbft-engine:BTP2.1.0
| `images.poet_cli` | blockchaintp/sawtooth-poet-cli:BTP2.1.0
| `images.poet_engine` | blockchaintp/sawtooth-poet-engine:BTP2.1.0
| `images.poet_validator_registry_tp` | blockchaintp/sawtooth-poet-validator-registry-tp:BTP2.1.0
| `images.raft_engine` | blockchaintp/sawtooth-raft-engine:BTP2.1.0
| `images.block_info_tp` | blockchaintp/sawtooth-block-info-tp:BTP2.1.0
| `images.identity_tp` | blockchaintp/sawtooth-identity-tp:BTP2.1.0
| `images.intkey_tp` | blockchaintp/sawtooth-intkey-tp-go:BTP2.1.0
| `images.settings_tp` | blockchaintp/sawtooth-settings-tp:BTP2.1.0
| `images.shell` | blockchaintp/sawtooth-shell:BTP2.1.0
| `images.smallbank_tp` | blockchaintp/sawtooth-smallbank-tp-go:BTP2.1.0
| `images.validator` | blockchaintp/sawtooth-validator:BTP2.1.0
| `images.xo_tp` | blockchaintp/sawtooth-xo-tp-go:BTP2.1.0
| `images.rest_api` | blockchaintp/sawtooth-rest-api:BTP2.1.0
| `images.seth_rpc` | blockchaintp/sawtooth-seth-rpc:BTP2.1.0
| `images.seth_tp` | blockchaintp/sawtooth-seth-tp:BTP2.1.0
| `images.xo_demo` | blockchaintp/xo-demo:BTP2.1.0
## Custom TP Definitions
Custom TP definitions are describe using maps with the following fields
| field | description | default |
|-|-|-|
| `name` | name of the custom tp container(must be unique within the pod) | nil |
| `image` | url of the image for this tp | nil |
| `command` | list of command tokens for this tp | list | nil
| `arg` | list of arguments to the command | nil] |
| `extraVolumes` | a list of additional volumes to add to all StatefulSets, Deployments, and DaemonSets | `[]` |
| `extraVolumeMounts` | a list of additional volume mounts to add to all StatefulSet, Deployment, and DaemonSet containers | `[]` |


@ -1,6 +0,0 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.8.0
digest: sha256:4b6f60ea1981a1b98332e0149289002fe0f9ebf401de1ec19c8baaaf6b0d4b88
generated: "2021-09-02T01:05:15.012803203Z"


@ -1,10 +0,0 @@
apiVersion: v2
appVersion: 0.1.0
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: ~1.8.0
description: BTP Standard Template definitions and dependencies
name: standard-defs
type: library
version: 0.1.2


@ -1,22 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,23 +0,0 @@
annotations:
category: Infrastructure
apiVersion: v2
appVersion: 1.8.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/master/bitnami/common
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
keywords:
- common
- helper
- template
- function
- bitnami
maintainers:
- email: containers@bitnami.com
name: Bitnami
name: common
sources:
- https://github.com/bitnami/charts
- http://www.bitnami.com/
type: library
version: 1.8.0


@ -1,327 +0,0 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
## TL;DR
```yaml
dependencies:
- name: common
version: 0.x.x
repository: https://charts.bitnami.com/bitnami
```
```bash
$ helm dependency update
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
```
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.
## Prerequisites
- Kubernetes 1.12+
- Helm 3.1.0
## Parameters
The following table lists the helpers available in the library which are scoped in different sections.
### Affinities
| Helper identifier | Description | Expected Input |
|-------------------------------|------------------------------------------------------|------------------------------------------------|
| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
### Capabilities
| Helper identifier | Description | Expected Input |
|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for policy | `.` Chart context |
| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
### Errors
| Helper identifier | Description | Expected Input |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
### Images
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
### Ingress
| Helper identifier | Description | Expected Input |
|-------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
### Labels
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|-------------------|
| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context |
### Names
| Helper identifier | Description | Expected Inpput |
|-------------------------|------------------------------------------------------------|-------------------|
| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
| `common.names.chart` | Chart name plus version | `.` Chart context |
### Secrets
| Helper identifier | Description | Expected Input |
|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
### Storage
| Helper identifier | Description | Expected Input |
|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
### TplValues
| Helper identifier | Description | Expected Input |
|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
### Utils
| Helper identifier | Description | Expected Input |
|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
### Validations
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis&trade; are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB&reg; are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
### Warnings
| Helper identifier | Description | Expected Input |
|------------------------------|----------------------------------|------------------------------------------------------------|
| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
## Special input schemas
### ImageRoot
```yaml
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
```
### Persistence
```yaml
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
```
### ExistingSecret
```yaml
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
```
#### Example of use
When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
```yaml
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
```
### ValidateValue
#### NOTES.txt
```console
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
```
If we force those values to be empty we will see some alerts
```console
$ helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode)
```
## Upgrading
### To 1.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/


@ -1,102 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return a soft nodeAffinity definition
{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.soft" -}}
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
weight: 1
{{- end -}}
{{/*
Return a hard nodeAffinity definition
{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.hard" -}}
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
{{- end -}}
{{/*
Return a nodeAffinity definition
{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.nodes.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.nodes.hard" . -}}
{{- end -}}
{{- end -}}
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
namespaces:
- {{ .context.Release.Namespace | quote }}
topologyKey: kubernetes.io/hostname
weight: 1
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
namespaces:
- {{ .context.Release.Namespace | quote }}
topologyKey: kubernetes.io/hostname
{{- end -}}
{{/*
Return a podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.pods" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.pods.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
{{- end -}}

View File

@ -1,117 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "common.capabilities.kubeVersion" -}}
{{- if .Values.global }}
{{- if .Values.global.kubeVersion }}
{{- .Values.global.kubeVersion -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for policy.
*/}}
{{- define "common.capabilities.policy.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "policy/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cronjob.
*/}}
{{- define "common.capabilities.cronjob.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "batch/v1beta1" -}}
{{- else -}}
{{- print "batch/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.apiVersion -}}
{{- .Values.ingress.apiVersion -}}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for RBAC resources.
*/}}
{{- define "common.capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for CRDs.
*/}}
{{- define "common.capabilities.crd.apiVersion" -}}
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiextensions.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiextensions.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
**To be removed when the catalog's minimun Helm version is 3.3**
*/}}
{{- define "common.capabilities.supportsHelmVersion" -}}
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
{{- true -}}
{{- end -}}
{{- end -}}


@ -1,23 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
{{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
{{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
{{- $errorString = print $errorString "\n%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}


@ -1,75 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $tag := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- if $registryName }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- else -}}
{{- printf "%s:%s" $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names evaluating values as templates
{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
*/}}
{{- define "common.images.renderPullSecrets" -}}
{{- $pullSecrets := list }}
{{- $context := .context }}
{{- if $context.Values.global }}
{{- range $context.Values.global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}


@ -1,55 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate backend entry that is compatible with all Kubernetes API versions.
Usage:
{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
Params:
- serviceName - String. Name of an existing service backend
- servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.ingress.backend" -}}
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
serviceName: {{ .serviceName }}
servicePort: {{ .servicePort }}
{{- else -}}
service:
name: {{ .serviceName }}
port:
{{- if typeIs "string" .servicePort }}
name: {{ .servicePort }}
{{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
number: {{ .servicePort | int }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Print "true" if the API pathType field is supported
Usage:
{{ include "common.ingress.supportsPathType" . }}
*/}}
{{- define "common.ingress.supportsPathType" -}}
{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the ingressClassname field is supported
Usage:
{{ include "common.ingress.supportsIngressClassname" . }}
*/}}
{{- define "common.ingress.supportsIngressClassname" -}}
{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}


@ -1,18 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "common.labels.standard" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "common.labels.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}


@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}


@ -1,129 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.names.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- with .existingSecret -}}
{{- if not (typeIs "string" .) -}}
{{- with .name -}}
{{- $name = . -}}
{{- end -}}
{{- else -}}
{{- $name = . -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if not (typeIs "string" .existingSecret) -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Generate secret password or retrieve one if already created.
Usage:
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- length - int - Optional - Length of the generated random password.
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.passwords.manage" -}}
{{- $password := "" }}
{{- $subchart := "" }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
{{- if $secret }}
{{- if index $secret.data .key }}
{{- $password = index $secret.data .key }}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
{{- $subchart = $chartName }}
{{- end -}}
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- $passwordValidationErrors := list $requiredPasswordError -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
{{- if .strong }}
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- printf "%s" $password -}}
{{- end -}}
{{/*
Returns whether a previous generated secret already exists
Usage:
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.exists" -}}
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
{{- if $secret }}
{{- true -}}
{{- end -}}
{{- end -}}


@ -1,23 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Storage Class
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
*/}}
{{- define "common.storage.class" -}}
{{- $storageClass := .persistence.storageClass -}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- $storageClass = .global.storageClass -}}
{{- end -}}
{{- end -}}
{{- if $storageClass -}}
{{- if (eq "-" $storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" $storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}


@ -1,13 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Renders a value that contains template.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}


@ -1,62 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}


@ -1,14 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Warning about using rolling tag.
Usage:
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
*/}}
{{- define "common.warnings.rollingTag" -}}
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}


@ -1,72 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Cassandra required passwords are not empty.
Usage:
{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.cassandra.passwords" -}}
{{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
{{- $enabled := include "common.cassandra.values.enabled" . -}}
{{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
{{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.dbUser.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled cassandra.
Usage:
{{ include "common.cassandra.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.cassandra.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.cassandra.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key dbUser
Usage:
{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.key.dbUser" -}}
{{- if .subchart -}}
cassandra.dbUser
{{- else -}}
dbUser
{{- end -}}
{{- end -}}


@ -1,103 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MariaDB required passwords are not empty.
Usage:
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mariadb.passwords" -}}
{{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mariadb.values.enabled" . -}}
{{- $architecture := include "common.mariadb.values.architecture" . -}}
{{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mariadb.
Usage:
{{ include "common.mariadb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mariadb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mariadb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.key.auth" -}}
{{- if .subchart -}}
mariadb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}


@ -1,108 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MongoDB&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MongoDB&reg; values are stored, e.g: "mongodb-passwords-secret"
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mongodb.passwords" -}}
{{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mongodb.values.enabled" . -}}
{{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
{{- $architecture := include "common.mongodb.values.architecture" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
{{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
{{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
{{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
{{- if and $valueUsername $valueDatabase -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replicaset") -}}
{{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mongodb.
Usage:
{{ include "common.mongodb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mongodb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mongodb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.key.auth" -}}
{{- if .subchart -}}
mongodb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}


@ -1,131 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate PostgreSQL required passwords are not empty.
Usage:
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.postgresql.passwords" -}}
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
{{- $enabled := include "common.postgresql.values.enabled" . -}}
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
{{- if (eq $enabledReplication "true") -}}
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to decide whether evaluate global values.
Usage:
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
Params:
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
*/}}
{{- define "common.postgresql.values.use.global" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.postgresql -}}
{{- index .context.Values.global.postgresql .key | quote -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.existingSecret" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
{{- if .subchart -}}
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
{{- else -}}
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled postgresql.
Usage:
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key postgressPassword.
Usage:
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.postgressPassword" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
{{- if not $globalValue -}}
{{- if .subchart -}}
postgresql.postgresqlPassword
{{- else -}}
postgresqlPassword
{{- end -}}
{{- else -}}
global.postgresql.postgresqlPassword
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled.replication.
Usage:
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.enabled.replication" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.replication.enabled -}}
{{- else -}}
{{- printf "%v" .context.Values.replication.enabled -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key replication.password.
Usage:
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.replicationPassword" -}}
{{- if .subchart -}}
postgresql.replication.password
{{- else -}}
replication.password
{{- end -}}
{{- end -}}


@ -1,76 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Redis&trade; required passwords are not empty.
Usage:
{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.redis.passwords" -}}
{{- $enabled := include "common.redis.values.enabled" . -}}
{{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
{{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
{{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
{{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
{{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
{{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
{{- if and (not $existingSecretValue) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
{{- if eq $useAuth "true" -}}
{{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled redis.
Usage:
{{ include "common.redis.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.redis.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.redis.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right prefix path for the values
Usage:
{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.redis.values.keys.prefix" -}}
{{- if .subchart -}}redis.{{- else -}}{{- end -}}
{{- end -}}
{{/*
Checks whether the redis chart's includes the standarizations (version >= 14)
Usage:
{{ include "common.redis.values.standarized.version" (dict "context" $) }}
*/}}
{{- define "common.redis.values.standarized.version" -}}
{{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
{{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
{{- if $standarizedAuthValues -}}
{{- true -}}
{{- end -}}
{{- end -}}


@ -1,46 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- subchart - String - Optional - Name of the subchart that the validated password is part of.
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}


@ -1,5 +0,0 @@
## bitnami/common
## It is required by CI/CD tools and processes.
## @skip exampleValue
##
exampleValue: common-chart


@ -1,101 +0,0 @@
{{/*
include "ingress" (dict "ingressName" "myingress" "ingress" path.to.ingress "serviceName" "the-service" "servicePort" 9090 "context" $)
ingress:
enabled: true
certManager: false
pathType: ImplementationSpecific
apiVersion: ""
hostname: theservice.local
path: /
annotations: {}
tls: false
extraHosts: []
extraPaths: []
extraTls: []
secrets: []
*/}}
{{- define "lib.ingress" -}}
{{- $ctx := .context -}}
{{- $ingressName := .ingressName -}}
{{- $serviceName := .serviceName -}}
{{- $servicePort := .servicePort -}}
{{- $extraPaths := .ingress.extraPaths -}}
{{- if .ingress.enabled -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" $ctx }}
kind: Ingress
metadata:
name: {{ $ingressName }}
namespace: {{ $ctx.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ctx | nindent 4 }}
{{- if $ctx.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonLabels "context" $ctx ) | nindent 4 }}
{{- end }}
annotations:
{{- if .ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .ingress.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .ingress.annotations "context" $ctx ) | nindent 4 }}
{{- end }}
{{- if $ctx.Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonAnnotations "context" $ctx ) | nindent 4 }}
{{- end }}
spec:
rules:
{{- if .ingress.hostname }}
- host: {{ .ingress.hostname }}
http:
paths:
- path: {{ .ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: {{ default "ImplementationSpecific" .ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- include "lib.safeToYaml" $extraPaths | nindent 10 }}
{{- end }}
{{- range .ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- include "lib.safeToYaml" $extraPaths | nindent 10 }}
{{- end }}
{{/* .ingress.hosts is deprecated */}}
{{- range .ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- if .path }}
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- end }}
{{- range .paths }}
- path: {{ . | quote }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: ImplementationSpecific
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- end }}
{{- end }}
{{/* .ingress.hosts is deprecated */}}
{{- if or .ingress.tls .ingress.extraTls }}
tls:
{{- if .ingress.tls }}
- hosts:
- {{ .ingress.hostname }}
secretName: {{ printf "%s-tls" .ingress.hostname }}
{{- end }}
{{- if .ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .ingress.extraTls "context" $ctx ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}


@ -1,51 +0,0 @@
{{/*
Call a template function in the context of a sub-chart, as opposed to the
current context of the caller
{{ include "lib.call-nested" (list . "subchart" "template_name") }}
*/}}
{{- define "lib.call-nested" }}
{{- $dot := index . 0 }}
{{- $subchart := index . 1 | splitList "." }}
{{- $template := index . 2 }}
{{- $values := $dot.Values }}
{{- range $subchart }}
{{- $values = index $values . }}
{{- end }}
{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "lib.labels" -}}
helm.sh/chart: {{ include "common.names.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{ include "common.labels.matchLabels" . }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "lib.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Given a variable, if it is not false, output as Yaml
include "lib.safeToYaml" .Values.something
*/}}
{{- define "lib.safeToYaml" -}}
{{- if . -}}
{{ toYaml . }}
{{- end -}}
{{- end -}}


@ -1,46 +0,0 @@
{{/*
Given a setup like the following:
# global and on down are optional
global:
image:
registry: my-registry.com
tag: latest
# This is the imageRoot
somecomponent:
image:
registry: my-other-registry.com
tag: 1.0.0
repository: bobs/coolthing
*/}}
{{/*
{{ include "utils.image.url" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
*/}}
{{- define "lib.image.url" -}}
{{- $globalRegistryName := "index.docker.io" -}}
{{- $globalTag := "latest" -}}
{{- if .global -}}
{{- if .global.image -}}
{{- if .global.image.registry -}}
{{- $globalRegistryName = .global.image.registry -}}
{{- end -}}
{{- if .global.image.tag -}}
{{- $globalTag = .global.image.tag -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $repository := .imageRoot.repository -}}
{{- $registry := default $globalRegistryName .imageRoot.registry -}}
{{- $tag := default $globalTag .imageRoot.tag -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- end -}}
{{/*
{{ include "utils.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
*/}}
{{- define "lib.image" -}}
image: {{ include "lib.image.url" . }}
imagePullPolicy: {{ default "IfNotPresent" .imageRoot.pullPolicy }}
{{- end -}}


@ -1,34 +0,0 @@
{{/*
given a variable list, create a list of volumes
extraVolumes:
- name: pv-data
persistentVolumeClaim:
claimName: pvc-persistent-cfg
- name: scratch
emptyDir: {}
include "lib.volumes" .Values.extraVolumes
*/}}
{{- define "lib.volumes" -}}
{{ include "lib.safeToYaml" . }}
{{- end -}}
{{/*
given a variable list, create a list of volumeMounts
extraVolumeMounts:
- name: pv-data
mountPath: /data
- name: scratch
mountPath: /scratch
include "lib.volumeMounts" .Values.extraVolumeMounts
*/}}
{{- define "lib.volumeMounts" -}}
{{ include "lib.safeToYaml" . }}
{{- end -}}


@ -1 +0,0 @@
exampleValue: example


@ -1,27 +0,0 @@
apiVersion: v2
name: sawtooth
description: Uses BTP Paralos open source distribution of Hyperledger Sawtooth
# Replaces the index.js in the deployment templates directory, sawtooth/index
# The deploymentType and deploymentVersion help build the object structure
deploymentType: sawtooth
deploymentVersion: 1.1
# absolute path to form.js
form: sawtooth/sextant/form.js
# absolute path to summary.jst
summary: sawtooth/sextant/summary.js
# paths to be used in the getField function
namePath: sawtooth.networkName
namespacePath: sawtooth.namespace
# additional fields for the button
# form: <same as deploymentVersion>
title: Hyperledger Sawtooth
sextantVersion: sawtooth 1.2, paralos 2.1
buttonIcon: /thirdParty/hyperledger-sawtooth.png
features: []
# documentation pull down mark down


@ -1,330 +0,0 @@
const randomString = require('randomstring')
const options = require('./options')
const form = [
'Hyperledger Sawtooth Deployment',
[
{
id: 'sawtooth.networkName',
title: 'Deployment Name',
helperText: 'The name of the deployment',
component: 'text',
editable: {
new: true,
},
validate: {
type: 'string',
methods: [
['required', 'Required'],
['matches', ['^[a-z]([-a-z0-9]*[a-z0-9])*$'], "a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character"],
],
},
},
{
id: 'sawtooth.namespace',
title: 'Kubernetes Namespace',
helperText: 'The Kubernetes namespace',
component: 'text',
editable: {
new: true,
},
validate: {
type: 'string',
methods: [
['required', 'Required'],
['matches', ['^[a-z]([-a-z0-9]*[a-z0-9])*$'], "a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character"],
],
},
},
],
[
{
id: 'sawtooth.dynamicPeering',
title: 'Peering Type',
helperText: 'Peering type for the validator',
component: 'radio',
default: true,
dataType: 'boolean',
row: true,
options: options.peering,
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
},
{
id: 'sawtooth.genesis.enabled',
title: 'Genesis Block',
helperText: 'Should this network create the genesis block?',
component: 'radio',
default: true,
dataType: 'boolean',
row: true,
options: options.activated,
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
},
],
[
{
id: 'sawtooth.permissioned',
title: 'Permissioned Network',
helperText: 'Should this network be permissioned?',
component: 'radio',
default: false,
dataType: 'boolean',
row: true,
options: options.activated,
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
},
{
id: 'sawtooth.consensus',
title: 'Consensus Algorithm',
helperText: 'Which consensus algorithm should this network use?',
component: 'select',
alternateText: true,
default: 400,
dataType: 'number',
options: options.consensus,
validate: {
type: 'number',
methods: [
['required', 'Required'],
],
},
},
],
{
id: 'affinity.enabled',
title: 'Affinity',
helperText: 'If enabled - pods will only deploy to nodes that have the label: app={{ .Release.Name }}-validator',
component: 'radio',
default: false,
dataType: 'boolean',
row: true,
options: options.activated,
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
},
// hostname, IP, port
{
id: 'sawtooth.externalSeeds',
title: 'External Seeds',
helperText: 'The list of external addresses to connect to',
list: {
mainField: 'hostname',
schema: [{
id: 'hostname',
title: 'Hostname',
helperText: 'Type the hostname of a new external seed.',
component: 'text',
validate: {
type: 'string',
methods: [
['required', 'Required'],
['matches', ['^[a-z]([.]*[-a-z0-9]*[a-z0-9])*$'], 'Must use a DNS-1123 safe label.'],
],
},
},
{
id: 'ip',
title: 'IP Address',
helperText: 'Type the IP address of a new external seed.',
component: 'text',
validate: {
type: 'string',
methods: [
['required', 'Required'],
['matches', ['^[0-9]+[.0-9]*[0-9]$'], 'Must be an IPv4 compatible address.'],
],
},
}, {
id: 'port',
title: 'Port',
helperText: 'Type the port of a new external seed.',
component: 'text',
validate: {
type: 'string',
methods: [
['required', 'Required'],
['matches', ['^[0-9]+$'], 'Must be a number.'],
],
},
},
],
table: [{
title: 'Hostname',
name: 'hostname',
}, {
title: 'IP Address',
name: 'ip',
}, {
title: 'Port',
name: 'port',
}],
},
},
'Custom Containers',
{
id: 'sawtooth.customTPs',
title: 'Custom Containers',
skip: true,
helperText: 'Custom containers can connect to the validator on tcp://localhost:4004',
list: {
mainField: 'name',
schema: [{
id: 'name',
title: 'Name',
helperText: 'The name of your custom container',
component: 'text',
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
}, {
id: 'image',
title: 'Image',
helperText: 'The docker image for your container',
component: 'text',
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
}, {
id: 'command',
title: 'Command',
helperText: 'The command for your container',
component: 'text',
validate: {
type: 'string',
methods: [
],
},
}, {
id: 'args',
title: 'Arguments',
helperText: 'The arguments for your container',
component: 'text',
validate: {
type: 'string',
methods: [
],
},
}],
table: [{
title: 'Name',
name: 'name',
}, {
title: 'Image',
name: 'image',
}, {
title: 'Command',
name: 'command',
}, {
title: 'Arguments',
name: 'args',
}],
},
},
'Image Pull Secrets',
{
id: 'imagePullSecrets.enabled',
title: 'Do you need to enable image pull secrets?',
helperText: 'Provide secrets to be injected into the namespace and used to pull images from your secure registry',
component: 'radio',
default: false,
dataType: 'boolean',
row: true,
options: options.yesNo,
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
}, {
id: 'imagePullSecrets.value',
title: 'Image Pull Secrets',
helperText: null,
default: null,
linked: {
linkedId: 'imagePullSecrets.enabled',
visibilityParameter: 'true', // for what value of linkedId, will this component be visible
},
list: {
mainField: 'name',
schema: [{
id: 'name',
title: 'Name',
helperText: 'The name of the secret',
component: 'text',
validate: {
type: 'string',
methods: [
['required', 'Required'],
['matches', ['^[a-z]([-a-z0-9]*[a-z0-9])*$'], "a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character"],
],
},
}],
table: [{
title: 'Name',
name: 'name',
}],
},
},
'Advanced Options',
[
{
id: 'sawtooth.genesis.seed',
title: 'Genesis Seed',
hidden: true,
default: randomString.generate(24),
warning: true,
helperText: 'WARNING: Changing the Genesis Seed will cause any exisiting data on the deployment to be deleted.',
component: 'text',
validate: {
type: 'string',
methods: [
['required', 'Required'],
],
},
},
'', // emptry string acts as space in UI
],
]
module.exports = form


@ -1,48 +0,0 @@
const activated = [{
value: true,
title: 'Enabled',
}, {
value: false,
title: 'Disabled',
}]
const yesNo = [{
value: true,
title: 'Yes',
}, {
value: false,
title: 'No',
}]
const consensus = [{
value: 100,
title: 'DevMode',
blurb: 'DevMode is useful for development purposes only. This mechanism useful only on single node networks which provide no real consensus guarantees.',
}, {
value: 400,
title: 'PBFT',
blurb: 'PBFT is a byzantine fault tolerant consensus mechanism offering good scale, and performance. It is tolerant of up to f=(n-1)/3 byzantine or other faults on the network. PBFT is a non-forking algorithm.',
}, {
value: 200,
title: 'PoET-CFT',
blurb: 'PoET-CFT is a time based consensus mechanism based on a fair lottery system. It has low resource utilization, is crash fault tolerant and can support very large scale networks. PoET-CFT is a forking consensus algorithm.',
}, {
value: 300,
title: 'Raft',
blurb: 'Raft is a consensus mechanism based on an elected leader. It offers good performance, but is not tolerant of Byzantine failures. It works best with low latency networks, and is tolerant of f=(n-1)/2 non-byzantine failures. Raft is a non-forking algorithm.',
}]
const peering = [{
value: true,
title: 'Dynamic',
}, {
value: false,
title: 'Static',
}]
module.exports = {
activated,
consensus,
peering,
yesNo,
}


@ -1,43 +0,0 @@
const options = require('./options')
const getConsensusTitle = (value) => {
const option = options.consensus.find((o) => o.value === value)
return option ? option.title : 'unknown'
}
const summary = (values) => {
const {
sawtooth,
} = values
return [{
title: 'Deployment Name',
value: sawtooth.networkName,
}, {
title: 'Namespace',
value: sawtooth.namespace,
}, {
title: 'Peering Type',
value: sawtooth.dynamicPeering ? 'Dynamic' : 'Static',
}, {
title: 'Genesis Block',
value: sawtooth.genesis.enabled ? 'Yes' : 'No',
}, {
title: 'Permissioned',
value: sawtooth.permissioned ? 'Yes' : 'No',
}, {
title: 'Consensus Algorithm',
value: getConsensusTitle(sawtooth.consensus),
}, {
title: 'External Seeds',
value: (sawtooth.externalSeeds || []).map((seed) => seed.ip),
}, {
title: 'Sawtooth Validator Port',
value: '8800',
}, {
title: 'Custom Transaction Processors',
value: (sawtooth.customTPs || []).map((tp) => `${tp.name} (${tp.image})`),
}]
}
module.exports = summary


@ -1,352 +0,0 @@
{{/*
Sawtooth Selector labels
*/}}
{{- define "sawtooth.labels" -}}
{{ include "lib.labels" . }}
app: {{ include "common.names.fullname" . }}
{{- end -}}
{{- define "sawtooth.kind" -}}
{{ $consensus := .Values.sawtooth.consensus | int }}
{{- if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}}
StatefulSet
{{- else -}}
DaemonSet
{{- end -}}
{{- end -}}
{{/*
Sawtooth Selector labels
*/}}
{{- define "sawtooth.labels.matchLabels" -}}
{{ include "common.labels.matchLabels" . }}
app: {{ include "common.names.fullname" . }}
component: sawtooth
{{- end -}}
{{/* if the consensus type is devmode replicas is always 1 */}}
{{- define "sawtooth.replicas" -}}
{{- $consensus := .Values.sawtooth.consensus | int -}}
{{- if eq $consensus 100 -}}
{{- 1 | int -}}
{{- else -}}
{{- default 4 .Values.sawtooth.statefulset.replicas | int -}}
{{- end -}}
{{- end -}}
{{/*
Sawtooth networking specifications
*/}}
{{- define "sawtooth.bind.component" -}}
component:tcp://0.0.0.0:{{ include "sawtooth.ports.sawcomp" . }}
{{- end -}}
{{/*
Consensus binding should always be local under normal circumstances
*/}}
{{- define "sawtooth.bind.consensus" -}}
{{- if .Values.sawtooth.ports.consensus_local -}}
consensus:tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }}
{{- else -}}
consensus:tcp://0.0.0.0:{{ include "sawtooth.ports.consensus" . }}
{{- end -}}
{{- end -}}
{{- define "sawtooth.bind.network" -}}
network:tcp://0.0.0.0:{{ include "sawtooth.ports.sawnet" . }}
{{- end -}}
{{- define "sawtooth.binds" -}}
--bind {{ include "sawtooth.bind.component" . }} \
--bind {{ include "sawtooth.bind.consensus" . }} \
--bind {{ include "sawtooth.bind.network" . }}
{{- end -}}
{{- define "sawtooth.opentsdb" -}}
{{- if .Values.sawtooth.opentsdb.enabled -}}
--opentsdb-db {{ .Values.sawtooth.opentsdb.db }} \
--opentsdb-url {{ .Values.sawtooth.opentsdb.url }}
{{- end -}}
{{- end -}}
{{- define "sawtooth.peering" -}}
{{- $peering:= .Values.sawtooth.dynamicPeering -}}
--peering {{ if ($peering)}}dynamic{{ else }}static{{end }} \
{{ range .Values.sawtooth.externalSeeds }}{{ if ($peering) }}--seeds{{ else }}--peers{{ end }} tcp://{{ .hostname }}:{{ .port }} {{end }} \
{{ if ($peering)}}${SEEDS}{{ else }}${PEERS}{{end }} \
--maximum-peer-connectivity 255
{{- end -}}
{{- define "sawtooth.network" -}}
{{ include "sawtooth.binds" . }} \
{{ include "sawtooth.peering" . }} \
{{ include "sawtooth.opentsdb" . }}
{{- end -}}
{{/*
Genesis Templates
*/}}
{{- define "sawtooth.genesis.create" -}}
{{- $consensus := .Values.sawtooth.consensus | int -}}
if [ ! -r /etc/sawtooth/initialized ]; then
if [ $RUN_GENESIS -eq 1 ]; then
{{- if eq $consensus 400 }}
bash -x /usr/local/bin/pbft_genesis_config.sh {{ .Release.Namespace }}
{{- else if eq $consensus 300 }}
bash -x /usr/local/bin/raft_genesis_config.sh {{ .Release.Namespace }}
{{- else if eq $consensus 200 }}
bash -x /usr/local/bin/poet_genesis_config.sh {{ .Release.Namespace }}
{{- else }}
bash -x /usr/local/bin/devmode_genesis_config.sh {{ .Release.Namespace }}
{{- end }}
{{ if .Values.sawtooth.permissioned -}}
/usr/local/bin/identity_genesis_config.sh {{ .Release.Namespace }}
{{- end -}}
sawset genesis -k /etc/sawtooth/keys/validator.priv \
-o /etc/sawtooth/genesis/000-genesis.batch
cd /etc/sawtooth/genesis
sawadm genesis `ls |sort`
cd -
fi
touch /etc/sawtooth/initialized;
fi
{{- end -}}
{{- define "sawtooth.genesis.reset" -}}
if [ -r /etc/sawtooth/genesis.seed ]; then
OLD_SEED=`cat /etc/sawtooth/genesis.seed`
if [ "$OLD_SEED" != "{{ .Values.sawtooth.genesis.seed }}" ]; then
echo "${OLD_SEED} != {{ .Values.sawtooth.genesis.seed }} -- resetting environment"
rm -rf /var/lib/sawtooth/*
rm -f /etc/sawtooth/genesis/*
rm -f /etc/sawtooth/initialized
echo {{ .Values.sawtooth.genesis.seed }} > /etc/sawtooth/genesis.seed
fi
else
echo "No genesis seed. Resetting environment and setting Seed to {{ .Values.sawtooth.genesis.seed }}"
rm -rf /var/lib/sawtooth/*
rm -f /etc/sawtooth/genesis/*
rm -f /etc/sawtooth/initialized
echo {{ .Values.sawtooth.genesis.seed }} > /etc/sawtooth/genesis.seed
fi
{{- end -}}
{{/*
END Genesis Templates
*/}}
{{- define "sawtooth.hostpath" -}}
{{ .Values.sawtooth.volumes.hostPathBaseDir | trimSuffix "/" }}/{{.Release.Namespace}}/{{.Release.Name }}
{{- end -}}
{{- define "sawtooth.etc.volume.name" -}}
sawtooth-etc
{{- end -}}
{{- define "sawtooth.etc.volume" -}}
- name: {{ include "sawtooth.etc.volume.name" . }}
hostPath:
type: DirectoryOrCreate
path: {{ include "sawtooth.hostpath" . }}/{{ include "sawtooth.data.volume.name" . }}
{{- end -}}
{{- define "sawtooth.etc.volume.vct" -}}
- metadata:
name: {{ include "sawtooth.etc.volume.name" . }}
{{- if .Values.sawtooth.persistence.annotations }}
annotations: {{- toYaml .Values.sawtooth.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes: {{- toYaml .Values.sawtooth.persistence.accessModes | nindent 10 }}
{{ if .Values.sawtooth.persistence.storageClass }}
storageClassName: {{ .Values.sawtooth.persistence.storageClass | quote }}
{{ end }}
resources:
requests:
storage: 1Gi
{{- end -}}
{{- define "sawtooth.etc.mount" -}}
- mountPath: /etc/sawtooth
name: {{ include "sawtooth.etc.volume.name" . }}
{{- end -}}
{{- define "sawtooth.scripts.volume" -}}
- name: {{ include "sawtooth.scripts.volume.name" . }}
configMap:
name: {{ include "common.names.fullname" . }}-scripts
{{- end -}}
{{- define "sawtooth.scripts.volume.name" -}}
chart-scripts
{{- end -}}
{{- define "sawtooth.scripts.mount" -}}
- mountPath: /opt/chart/scripts
name: {{ include "sawtooth.scripts.volume.name" . }}
{{- end -}}
{{- define "sawtooth.data.volume.name" -}}
sawtooth-data
{{- end -}}
{{- define "sawtooth.data.volume" -}}
- name: {{ include "sawtooth.data.volume.name" . }}
hostPath:
type: DirectoryOrCreate
path: {{ include "sawtooth.hostpath" . }}/{{ include "sawtooth.data.volume.name" . }}
{{- end -}}
{{- define "sawtooth.data.volume.vct" -}}
- metadata:
name: {{ include "sawtooth.data.volume.name" . }}
{{- if .Values.sawtooth.persistence.annotations }}
annotations: {{- toYaml .Values.sawtooth.persistence.annotations | nindent 8 }}
{{- end }}
spec:
accessModes: {{- toYaml .Values.sawtooth.persistence.accessModes | nindent 6 }}
{{ if .Values.sawtooth.persistence.storageClass }}
storageClassName: {{ .Values.sawtooth.persistence.storageClass | quote }}
{{ end }}
resources:
requests:
storage: {{ .Values.sawtooth.persistence.size | quote }}
{{- end -}}
{{- define "sawtooth.data.mount" -}}
- mountPath: /var/lib/sawtooth
name: {{ include "sawtooth.data.volume.name" . }}
{{- end -}}
{{/*
Sawtooth Signals Templates
*/}}
{{/*
Use as in
{{ include "sawtooth.signal.postStart" "pbft-engine" }
*/}}
{{- define "sawtooth.signal.postStart" -}}
postStart:
exec:
command:
- sh
- -c
- |
rm -f {{ include "sawtooth.signals.dir" . }}/{{ . }}
{{- end -}}
{{- define "sawtooth.signal.livenessProbe" -}}
livenessProbe:
exec:
command:
- sh
- -c
- |
if [ -r {{ include "sawtooth.signals.dir" . }}/{{ . }} ]; then
exit 1
else
exit 0
fi
{{- end -}}
{{- define "sawtooth.signal.fire" -}}
exit_code=$?
export EXIT_SIGNALS="{{ .Values.sawtooth.livenessProbe.exitSignals }}"
for signal in ${EXIT_SIGNALS}; do
touch "{{ include "sawtooth.signals.dir" . }}/$signal"
done
exit $exit_code
{{- end -}}
{{- define "sawtooth.signals.volume.name" -}}
sawtooth-signals
{{- end -}}
{{- define "sawtooth.signals.dir" -}}
/var/run/sawtooth
{{- end -}}
{{- define "sawtooth.signals.mount" -}}
- mountPath: {{ include "sawtooth.signals.dir" . }}
name: {{ include "sawtooth.signals.volume.name" . }}
{{- end -}}
{{- define "sawtooth.signals.volume" -}}
- name: {{ include "sawtooth.signals.volume.name" . }}
emptyDir: {}
{{- end -}}
{{/*
END Sawtooth Signals Templates
*/}}
{{- define "sawtooth.affinity" -}}
{{- if .Values.affinity.enabled -}}
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: app
operator: In
values:
- {{- include "common.names.fullname" . -}}
{{- else -}}
{{- if .Values.sawtooth.affinity -}}
{{- toYaml .Values.sawtooth.affinity }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "sawtooth.hostaliases" -}}
{{ range .Values.sawtooth.externalSeeds }}
- ip: {{ .ip }}
hostnames:
- {{ .hostname }}
{{ end }}
{{ include "utils.hostaliases" . }}
{{- end -}}
{{- define "sawtooth.containers" -}}
{{- $consensus := .Values.sawtooth.consensus | int -}}
{{- if eq $consensus 400 -}}
{{- include "sawtooth.container.pbft-engine" . | nindent 0 }}
{{- else if eq $consensus 300 -}}
{{- include "sawtooth.container.raft-engine" . | nindent 0 }}
{{- else if eq $consensus 200 -}}
{{- include "sawtooth.container.poet-engine" . | nindent 0 }}
{{- else -}}
{{- include "sawtooth.container.devmode-engine" . | nindent 0 }}
{{- end -}}
{{- include "sawtooth.container.settings-tp" . | nindent 0 }}
{{- include "sawtooth.container.block-info-tp" . | nindent 0 }}
{{- include "sawtooth.container.intkey-tp" . | nindent 0 }}
{{- include "sawtooth.container.identity-tp" . | nindent 0 }}
{{- include "sawtooth.container.seth-tp" . | nindent 0 }}
{{- include "sawtooth.container.seth-rpc" . | nindent 0 }}
{{- include "sawtooth.container.smallbank-tp" . | nindent 0 }}
{{- include "sawtooth.container.xo-tp" . | nindent 0 }}
{{- $ctx := .Values -}}
{{- range .Values.sawtooth.customTPs -}}
{{- include "sawtooth.container.customtp" (dict "tp" . "values" $ctx) | nindent 0 }}
{{- end -}}
{{- include "sawtooth.container.rest-api" . | nindent 0 }}
{{- include "sawtooth.container.monitor" . | nindent 0 }}
{{- include "sawtooth.container.validator" . | nindent 0 }}
{{- end -}}
{{/*
{{ include "sawtooth.loglevel" "container" .Values.sawtooth.containers.validator "global" .Values.global }}
*/}}
{{- define "sawtooth.logLevel" -}}
{{- $defaultLevel := "WARN" -}}
{{- if .global.logLevel -}}
{{- $defaultLevel = (default $defaultLevel .global.logLevel) | upper -}}
{{- end -}}
{{- $level := (default $defaultLevel .container.logLevel) | upper -}}
{{- if eq $level "INFO" -}}
-v
{{- else if eq $level "DEBUG" -}}
-vv
{{- else if eq $level "TRACE" -}}
-vvv
{{- end -}}
{{- end -}}


@ -1,441 +0,0 @@
{{- define "sawtooth.ports.sawcomp" -}}
{{ .Values.sawtooth.ports.sawcomp }}
{{- end -}}
{{- define "sawtooth.ports.consensus" -}}
{{ .Values.sawtooth.ports.consensus }}
{{- end -}}
{{- define "sawtooth.ports.rest" -}}
{{ .Values.sawtooth.ports.rest }}
{{- end -}}
{{- define "sawtooth.ports.sawnet" -}}
{{ .Values.sawtooth.ports.sawnet }}
{{- end -}}
{{- define "sawtooth.container.env.nodename" -}}
{{- $consensus := .values.sawtooth.consensus | int -}}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NODE_NAME
# Since this a stateful set we use the pod name as the node name
valueFrom:
fieldRef:
{{- if or .values.sawtooth.statefulset.enabled (eq $consensus 100) }}
fieldPath: metadata.name
{{- else }}
fieldPath: spec.nodeName
{{- end }}
{{- end -}}
{{/*
{{ include "sawtooth.container.env" (dict "container" .Values.sawtooth.containers.validator "values" .Values)}}
*/}}
{{- define "sawtooth.container.env" -}}
env:
{{- include "sawtooth.container.env.nodename" . | nindent 2 -}}
{{- if .values.pagerduty.enabled }}
- name: ALERT_TOKEN
value: {{ .values.pagerduty.token | quote }}
- name: SERVICE_ID
value: {{ .values.pagerduty.serviceid | quote }}
{{ end -}}
{{- if .container.env -}}
{{- toYaml .container.env | nindent 2 }}
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.resources" -}}
{{- if .container.resources -}}
resources: {{- toYaml .container.resources | nindent 2 }}
{{- end -}}
{{- end -}}
{{/*
{{ include "sawtooth.container" (dict "container" .Values.sawtooth.containers.validator "values" .Values "global" .Values.global)}}
*/}}
{{- define "sawtooth.container" -}}
{{- include "lib.image" (dict "imageRoot" .container.image "values" .values "global" .global ) |nindent 0 }}
{{- include "sawtooth.container.command" . | nindent 0 }}
{{- include "sawtooth.container.env" . | nindent 0 }}
{{- include "sawtooth.container.resources" . | nindent 0 }}
{{- end -}}
{{- define "sawtooth.container.command" -}}
command: [ "bash", "-xc"]
{{- end -}}
{{- define "sawtooth.container.pbft-engine" -}}
{{ $ctx := dict "container" .Values.sawtooth.containers.pbft_engine "values" .Values "global" .Values.global }}
{{- $signal := "pbft-engine" -}}
- name: pbft-engine
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
rm -f /var/lib/sawtooth/pbft.log
pbft-engine {{ include "sawtooth.logLevel" $ctx }} \
-C tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }} \
--storage-location disk+/var/lib/sawtooth/pbft.log
lifecycle:
{{- include "sawtooth.signal.postStart" "pbft-engine" | nindent 4 }}
{{- include "sawtooth.signal.livenessProbe" "pbft-engine" | nindent 2 }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "sawtooth.data.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.raft-engine" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.raft_engine "values" .Values "global" .Values.global -}}
- name: raft-engine
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
raft-engine {{ include "sawtooth.logLevel" $ctx }} \
-C tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "sawtooth.etc.mount" . | nindent 4 }}
{{- include "sawtooth.data.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.poet-engine" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.poet_engine "values" .Values "global" .Values.global -}}
- name: poet-engine
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
poet-engine {{ include "sawtooth.logLevel" $ctx }} \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }} \
--component tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "sawtooth.etc.mount" . | nindent 4 }}
{{- include "sawtooth.data.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
- name: poet-validator-registry-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
poet-validator-registry-tp {{ include "sawtooth.logLevel" $ctx }} \
-C tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "sawtooth.etc.mount" . | nindent 4 }}
{{- include "sawtooth.data.mount" .| nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.devmode-engine" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.devmode_engine "values" .Values "global" .Values.global -}}
- name: devmode-engine
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
devmode-engine-rust {{ include "sawtooth.logLevel" $ctx }} \
-C tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.settings-tp" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.settings_tp "values" .Values "global" .Values.global -}}
- name: settings-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
settings-tp {{ include "sawtooth.logLevel" $ctx }} \
{{ .Values.sawtooth.containers.settings_tp.args }} \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.intkey-tp" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.intkey_tp "values" .Values "global" .Values.global -}}
- name: intkey-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
intkey-tp-go {{ include "sawtooth.logLevel" $ctx }} \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.identity-tp" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.identity_tp "values" .Values "global" .Values.global -}}
{{- if .Values.sawtooth.permissioned -}}
- name: identity-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
identity-tp {{ include "sawtooth.logLevel" $ctx }} \
{{ .Values.sawtooth.containers.identity_tp.args }} \
-C tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- else -}}
# no identity-tp
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.block-info-tp" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.block_info "values" .Values "global" .Values.global -}}
- name: block-info-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
block-info-tp {{ include "sawtooth.logLevel" $ctx }} \
{{ .Values.sawtooth.containers.block_info.args }} \
-C tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
lifecycle:
{{- include "sawtooth.signal.postStart" "block-info-tp" | nindent 4 }}
{{- include "sawtooth.signal.livenessProbe" "block-info-tp" | nindent 2 }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.monitor" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.monitor "values" .Values "global" .Values.global -}}
- name: monitor
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
sawtooth keygen && \
sleep {{ .Values.sawtooth.client_wait }} && \
/usr/local/bin/heartbeat_loop.sh \
http://127.0.0.1:{{ include "sawtooth.ports.rest" . }} \
test-$RANDOM {{ .Values.sawtooth.heartbeat.interval }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "sawtooth.etc.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.xo-tp" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.xo_tp "values" .Values "global" .Values.global -}}
{{- if .Values.sawtooth.xo.enabled -}}
- name: xo-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
xo-tp-go {{ include "sawtooth.logLevel" $ctx }} \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- else -}}
# no xo-tp
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.smallbank-tp" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.smallbank_tp "values" .Values "global" .Values.global -}}
{{- if .Values.sawtooth.smallbank.enabled -}}
- name: smallbank-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
smallbank-tp-go {{ include "sawtooth.logLevel" $ctx }} \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- else -}}
# no smallbank-tp
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.rest-api" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.rest_api "values" .Values "global" .Values.global -}}
- name: rest-api
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
sleep {{ .Values.sawtooth.client_wait }}
sawtooth-rest-api {{ include "sawtooth.logLevel" $ctx }} \
{{ .Values.sawtooth.containers.rest_api.args }} \
--bind 0.0.0.0:{{ include "sawtooth.ports.rest" . }} \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }} \
{{ include "sawtooth.opentsdb" . | indent 8 }}
ports:
- containerPort: {{ include "sawtooth.ports.rest" . }}
name: sawrest
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.customtp" -}}
- name: {{ .tp.name }}
image: {{ .tp.image }}
{{ if .tp.command }}command: [ {{ range .tp.command }}"{{ . }}",{{ end }} ]{{end }}
{{ if .tp.args }}args: [ {{ range .tp.args }}"{{ . }}", {{ end }} ]{{end }}
env:
{{- include "sawtooth.container.env.nodename" (dict "values" .values) | nindent 4 }}
lifecycle: {{- include "sawtooth.signal.postStart" .tp.name | nindent 4 }}
{{- include "sawtooth.signal.livenessProbe" .tp.name | nindent 2 }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .values.extraVolumeMounts | nindent 4 }}
resources: {{- default (dict) .tp.resources | toYaml | nindent 4 }}
{{- end -}}
{{- define "sawtooth.container.poet-registration" -}}
{{- $consensus := .Values.sawtooth.consensus | int -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.poet_registration "values" .Values "global" .Values.global -}}
{{ if eq $consensus 200 }}
- name: poet-registration
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
mkdir -p /etc/sawtooth/poet
cp /etc/sawtooth/simulator_rk_pub.pem /etc/sawtooth/;
if [ ! -f /etc/sawtooth/poet/poet-enclave-measurement ]; then
poet enclave measurement > /etc/sawtooth/poet/poet-enclave-measurement;
fi
if [ ! -f /etc/sawtooth/poet/poet-enclave-basename ]; then
poet enclave basename > /etc/sawtoothetc/poet/poet-enclave-basename;
fi
if [ ! -f /etc/sawtooth/initialized ]; then
poet registration create --enclave-module simulator \
-k /etc/sawtooth/keys/validator.priv \
-o /etc/sawtooth/genesis/200.poet.batch
fi
volumeMounts:
{{- include "sawtooth.etc.mount" . | nindent 4 }}
{{- include "sawtooth.data.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.seth-tp" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.seth_tp "values" .Values "global" .Values.global -}}
{{- if .Values.sawtooth.seth.enabled -}}
- name: seth-tp
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
seth-tp {{ include "sawtooth.logLevel" $ctx }} \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
{{- else -}}
# no seth-tp
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.seth-rpc" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.seth_rpc "values" .Values "global" .Values.global -}}
{{- if .Values.sawtooth.seth.enabled -}}
- name: seth-rpc
{{- include "sawtooth.container" $ctx | nindent 2 }}
args:
- |
sleep {{ .Values.sawtooth.client_wait }} && \
seth-rpc {{ include "sawtooth.logLevel" $ctx }} \
--bind 0.0.0.0:3030 \
--connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
ports:
- containerPort: 3030
name: seth-rpc
{{- else -}}
# no seth-rpc
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.validator.livenessProbe" -}}
{{if .Values.sawtooth.livenessProbe.enabled }}
exec:
command:
- /bin/bash
- -c
- |
export SIGNALS_DIR={{ include "sawtooth.signals.dir" . }}
export EXIT_SIGNALS="{{ .Values.sawtooth.livenessProbe.exitSignals }}"
export LIVENESS_PROBE_ACTIVE="{{ .Values.sawtooth.livenessProbe.active }}"
/usr/local/bin/liveness_probe.sh
initialDelaySeconds: {{ .Values.sawtooth.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.sawtooth.livenessProbe.periodSeconds }}
{{- end -}}
{{- end -}}
{{- define "sawtooth.container.validator.lifecycle" -}}
preStop:
exec:
command:
- bash
- -c
- |
export EXIT_SIGNALS="{{ .Values.sawtooth.livenessProbe.exitSignals }}"
for signal in ${EXIT_SIGNALS}; do
touch "{{ include "sawtooth.signals.dir" . }}/$signal"
done
postStart:
exec:
command:
- bash
- -c
- |
RUN_DIR=/var/run/sawtooth
rm -f $RUN_DIR/probe.*
rm -f $RUN_DIR/catchup.started
rm -f $RUN_DIR/last*
rm -f $RUN_DIR/pbft_seq*
{{- end -}}
{{- define "sawtooth.container.validator" -}}
{{- $ctx := dict "container" .Values.sawtooth.containers.validator "values" .Values "global" .Values.global -}}
- name: validator
{{- include "sawtooth.container" $ctx | nindent 2 }}
lifecycle:
{{- include "sawtooth.container.validator.lifecycle" . | nindent 4 }}
args:
- |
source /opt/chart/scripts/validator-env
{{- include "sawtooth.genesis.create" . | nindent 6 }}
sawtooth-validator {{ include "sawtooth.logLevel" $ctx }} \
{{ .Values.sawtooth.containers.validator.args}} --scheduler {{ .Values.sawtooth.scheduler }} \
--endpoint tcp://${NODE_NAME}:{{ include "sawtooth.ports.sawnet" . }} \
{{- include "sawtooth.network" . | nindent 8 -}} \
;
{{- include "sawtooth.signal.fire" . | nindent 6 }}
volumeMounts:
{{- include "sawtooth.signals.mount" . | nindent 4 }}
{{- include "sawtooth.etc.mount" . | nindent 4 }}
{{- include "sawtooth.data.mount" . | nindent 4 }}
{{- include "sawtooth.scripts.mount" . | nindent 4 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
livenessProbe:
{{- include "sawtooth.container.validator.livenessProbe" . | nindent 4 }}
ports:
- containerPort: {{ include "sawtooth.ports.sawcomp" . }}
name: sawcomp
- containerPort: {{ include "sawtooth.ports.sawnet" . }}
{{- if not .Values.sawtooth.statefulset.enabled }}
hostPort: {{ include "sawtooth.ports.sawnet" . }}
{{- end }}
name: sawnet
- containerPort: {{ include "sawtooth.ports.consensus" . }}
name: consensus
{{- end -}}


@ -1,8 +0,0 @@
{{/* */}}
{{- define "utils.hostaliases" -}}
{{- if .Values.hostAliases -}}
{{ toYaml .Values.hostAliases }}
{{- end -}}
{{- end -}}


@ -1,6 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "common.names.fullname" . -}}
{{- $ingressName := printf "%s-rest" $serviceName -}}
{{- $servicePort := include "sawtooth.ports.rest" . | int -}}
{{ include "lib.ingress" (dict "ingressName" $ingressName "ingress" .Values.ingress "serviceName" $serviceName "servicePort" $servicePort "context" $) }}
{{- end -}}


@ -1,38 +0,0 @@
{{- $consensus := .Values.sawtooth.consensus | int -}}
{{- if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}}
{{- $ctx := . -}}
# {{ include "sawtooth.replicas" $ctx }} enodes
{{ range untilStep 0 ((include "sawtooth.replicas" $ctx) | int) 1 }}
---
apiVersion: v1
kind: Service
metadata:
labels: {{ include "sawtooth.labels" $ctx | nindent 4}}
per-node: {{ include "common.names.fullname" $ctx }}-{{ . }}
component: sawtooth
name: {{ include "common.names.fullname" $ctx }}-{{ . }}
namespace: {{ $ctx.Release.Namespace }}
spec:
type: {{ $ctx.Values.sawtooth.perNodeServiceType }}
sessionAffinity: ClientIP
ports:
- port: {{ include "sawtooth.ports.rest" $ctx }}
protocol: TCP
targetPort: {{ include "sawtooth.ports.rest" $ctx }}
name: rest-api
- port: {{ include "sawtooth.ports.sawnet" $ctx }}
protocol: TCP
targetPort: {{ include "sawtooth.ports.sawnet" $ctx }}
name: sawnet
- port: {{ include "sawtooth.ports.sawcomp" $ctx }}
protocol: TCP
targetPort: {{ include "sawtooth.ports.sawcomp" $ctx }}
name: sawcomp
selector: {{- include "sawtooth.labels.matchLabels" $ctx | nindent 4 }}
statefulset.kubernetes.io/pod-name: {{ include "common.names.fullname" $ctx }}-{{ . }}
{{- end -}}
{{- else -}}
---
# no enodes
{{- end -}}


@ -1,13 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "lib.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
automountServiceAccountToken: false
{{ if .Values.imagePullSecrets.enabled }}
imagePullSecrets:
{{range .Values.imagePullSecrets.value }}
- name: {{ .name }}
{{ end }}
{{ end }}


@ -1,24 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Namespace}}-{{include "common.names.fullname" .}}
labels: {{ include "sawtooth.labels" . | nindent 4 }}
rules:
- apiGroups: ["","apps/v1"] # "" refers to the core API group
resources: ["nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Namespace}}-{{include "common.names.fullname" .}}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Release.Namespace}}-{{include "common.names.fullname" .}}
subjects:
- kind: ServiceAccount
name: {{ include "lib.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---


@ -1,98 +0,0 @@
{{- $consensus := .Values.sawtooth.consensus | int -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-scripts
namespace: {{ .Release.Namespace }}
labels: {{ include "sawtooth.labels" . | nindent 4}}
data:
validator-env: |-
#!/bin/bash
BIN_DIR=/usr/local/bin
function get_local_pods() {
kubectl get pod -l "app={{ include "common.names.fullname" . }}" \
--no-headers=true -o name | sed -e 's/pod\///g'
}
function get_all_nodes() {
for pod in $(get_local_pods); do
get_node_for_pod $pod
done | sort
}
function get_genesis_node() {
kubectl get configmap {{ include "common.names.fullname" . }}-genesis -o jsonpath='{.data.node}'
}
function get_node_for_pod() {
local pod=${1:?}
{{ if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}}
echo "$pod"
{{- else -}}
kubectl get pod "$pod" -o jsonpath='{ $.spec.nodeName }'
{{- end }}
}
declare -a host_list
for node in $(get_all_nodes); do
host_list+=("$node")
done
export SEEDS=
export PEERS=
MY_NODE_NAME=$(get_node_for_pod $POD_NAME)
MY_PEERS=()
export DELAY=0
echo "Local Hosts Visible ${host_list[@]}"
this_list=("${host_list[@]}")
for host in "${host_list[@]}"; do
this_list=("${this_list[@]:1}")
if [ "$host" == "$MY_NODE_NAME" ]; then
while [ -n "${this_list[0]}" ]; do
MY_PEERS+=("${this_list[0]}")
this_list=("${this_list[@]:1}")
done
else
((DELAY += 1))
fi
done
for peer in "${MY_PEERS[@]}"; do
export SEEDS="--seeds tcp://$peer:{{ include "sawtooth.ports.sawnet" . }} $SEEDS"
export PEERS="--peers tcp://$peer:{{ include "sawtooth.ports.sawnet" . }} $PEERS"
done
SET_GENESIS_NODE=${host_list[0]}
GENESIS_NODE=$(get_genesis_node)
while [ -z "$GENESIS_NODE" ]; do
sleep "$(echo $RANDOM | cut -c1-2)"
GENESIS_NODE=$(get_genesis_node)
if [ -z "$GENESIS_NODE" ]; then
"${BIN_DIR}/upsert_cm.sh" {{ include "common.names.fullname" . }}-genesis node "$SET_GENESIS_NODE"
fi
done
GENESIS_NODE=$(get_genesis_node)
"${BIN_DIR}/upsert_cm.sh" validator-public "$NODE_NAME" "$(cat /etc/sawtooth/keys/validator.pub)"
"${BIN_DIR}/upsert_cm.sh" validator-secret "$NODE_NAME" "$(cat /etc/sawtooth/keys/validator.priv)"
if [ "$GENESIS_NODE" = "$NODE_NAME" ]; then
export RUN_GENESIS=1
if [ ! -r /etc/sawtooth/initialized ]; then
PODCOUNT=$(get_local_pods | wc -l)
KEYCOUNT=$("${BIN_DIR}/get_local_public_keys.sh" "{{ .Release.Namespace }}" | wc -l)
while [ "$PODCOUNT" != "$KEYCOUNT" ]; do
sleep "$DELAY"
PODCOUNT=$(get_local_pods | wc -l)
KEYCOUNT=$("${BIN_DIR}/get_local_public_keys.sh" "{{ .Release.Namespace }}" | wc -l)
done
fi
else
export RUN_GENESIS=0
fi


@ -1,30 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{include "common.names.fullname" .}}
namespace: {{ .Release.Namespace }}
labels: {{ include "sawtooth.labels" . | nindent 4 }}
rules:
- apiGroups: ["","apps/v1"] # "" refers to the core API group
resources: ["services", "pods"]
verbs: ["get", "list", "watch"]
- apiGroups: ["","apps/v1"] # "" refers to the core API group
resources: ["configmaps"]
verbs: ["get", "create", "list", "watch", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{include "common.names.fullname" .}}
namespace: {{ .Release.Namespace }}
labels: {{ include "sawtooth.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{include "common.names.fullname" .}}
subjects:
- kind: ServiceAccount
name: {{ include "lib.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---


@ -1,67 +0,0 @@
{{ $consensus := .Values.sawtooth.consensus | int }}
---
apiVersion: apps/v1
kind: {{ include "sawtooth.kind" . }}
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{ include "sawtooth.labels" . | nindent 4}}
spec:
{{ if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}}
replicas: {{ include "sawtooth.replicas" . | int }}
serviceName: {{ include "common.names.fullname" . | quote }}
podManagementPolicy: Parallel
{{- end }}
updateStrategy:
type: RollingUpdate
{{ if not (or .Values.sawtooth.statefulset.enabled (eq $consensus 100)) }}
rollingUpdate:
maxUnavailable: {{ .Values.sawtooth.maxUnavailable | int }}
{{- end }}
{{ if (semverCompare "^1.22" .Capabilities.KubeVersion.Version) -}}
minReadySeconds: {{ .Values.sawtooth.minReadySeconds | int }}
{{- end }}
selector:
matchLabels: {{- include "sawtooth.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels: {{- include "sawtooth.labels.matchLabels" . | nindent 8 }}
annotations: {{- toYaml .Values.sawtooth.statefulset.podAnnotations | nindent 8 }}
spec:
serviceAccountName: {{ include "lib.serviceAccountName" . }}
automountServiceAccountToken: true
affinity: {{- include "sawtooth.affinity" . | nindent 8 }}
hostAliases: {{- include "sawtooth.hostaliases" . | nindent 8 }}
containers: {{- include "sawtooth.containers" . | nindent 8 }}
initContainers:
- name: setup
{{- include "lib.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global ) |nindent 10 }}
volumeMounts:
{{- include "sawtooth.etc.mount" . | nindent 12 }}
{{- include "sawtooth.data.mount" . | nindent 12 }}
{{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 12 }}
{{- include "sawtooth.container.command" . | nindent 10 }}
{{- include "sawtooth.container.env" (dict "container" .Values.sawtooth.containers.validator "values" .Values "global" .Values.global) | nindent 10 }}
args:
- |
{{- include "sawtooth.genesis.reset" . | nindent 14 }}
mkdir -p /etc/sawtooth/genesis
mkdir -p /etc/sawtooth/keys
if [ ! -r /etc/sawtooth/keys/validator.priv ]; then
sawadm keygen --force
fi
{{ if .Values.sawtooth.genesis.enabled }}
{{- include "sawtooth.container.poet-registration" . | nindent 8 }}
{{ end }}
volumes:
{{- include "sawtooth.signals.volume" . | nindent 8 }}
{{- include "sawtooth.scripts.volume" . | nindent 8 }}
{{- include "lib.volumes" .Values.extraVolumes | nindent 8 }}
{{ if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) }}
volumeClaimTemplates:
{{- include "sawtooth.data.volume.vct" . | nindent 4 }}
{{- include "sawtooth.etc.volume.vct" . | nindent 4 }}
{{ else }}
{{- include "sawtooth.etc.volume" . | nindent 8 }}
{{- include "sawtooth.data.volume" . | nindent 8 }}
{{ end }}


@ -1,27 +0,0 @@
{{$peering:= .Values.sawtooth.dynamicPeering }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{ include "sawtooth.labels" . | nindent 4}}
component: sawtooth
spec:
type: ClusterIP
clusterIP: None
ports:
- port: {{ include "sawtooth.ports.rest" . }}
protocol: TCP
targetPort: {{ include "sawtooth.ports.rest" . }}
name: rest-api
- port: {{ include "sawtooth.ports.sawnet" . }}
protocol: TCP
targetPort: {{ include "sawtooth.ports.sawnet" . }}
name: sawnet
- port: {{ include "sawtooth.ports.sawcomp" . }}
protocol: TCP
targetPort: {{ include "sawtooth.ports.sawcomp" . }}
name: sawcomp
selector: {{- include "sawtooth.labels.matchLabels" . | nindent 4 }}


@ -1,480 +0,0 @@
---
## @md # Sawtoooth
## @md
## @md | field | description | default |
## @md |-|-|-|
affinity:
## @md | `affinity.enabled` | false: no effect true: then validators will be deployed only to k8s nodes with the label `app={{ .sawtooth.networkName }}-validator` | false |
# Normally set this as disabled.
# If false - no effect, validators are run on every ( or in the case of devmode any one)
# node in the cluster.
# If True, then validators will be deployed only to k8s nodes with the label
# app={{ .sawtooth.networkName }}-validator
enabled: false
global:
logLevel: warn
image:
registry:
tag:
## @md | `commonLabels` |
commonLabels: {}
commonAnnotations: {}
# This is optional,
# if false the values are ignored,
# if true then there should exist a secret within the namespace
# of the given names, multiple values are acceptable
hostAliases:
imagePullSecrets:
## @md | `imagePullSecrets.enabled` | if true use the list of named imagePullSecrets | false |
enabled: false
## @md | `imagePullSecrets.value` | a list if named secret references of the form ```- name: secretName```| [] |
value: []
ingress:
## @md | `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" |
apiVersion: ""
## @md | `ingress.enabled` | true to enable the ingress to the main service rest-api | false |
enabled: false
## @md | `ingress.certManager` | true to enable the acme certmanager for this ingress | false |
certManager: false
## @md | `ingress.hostname` | primary hostname for the ingress | false |
hostname: "sawtooth.local"
## @md | `ingress.path` | path for the ingress's primary hostname | / |
path: /
## @md | `ingress.pathType` | pathType for the ingress's primary hostname | nil |
pathType:
## @md | `ingress.annotations` | annotations for the ingress | {} |
annotations: {}
## @md | `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | false |
tls: false
## @md | `ingress.extraHosts` | list of extra hosts to add to the ingress | [] |
extraHosts: []
## @md | `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] |
extraPaths: []
## @md | `ingress.extraTls` | list of extra tls entries | [] |
extraTls: []
pagerduty:
## @md | `pagerduty.enabled` | if true send pagerduty alerts | false |
enabled: false
## @md | `pagerduty.token` | pagerduty user token | nil |
token:
## @md | `pagerduty.serviceid` | pagerduty serviceid | nil |
serviceid:
sawtooth:
opentsdb:
## @md | `sawtooth.opentsdb.db` | name of the opentsdb database to be used | metrics |
db: metrics
## @md | `sawtooth.opentsdb.url` | url of the opentsdb database to be used | nil |
url:
## @md | `sawtooth.opentsdb.enabled` | whether to enable the opentsdb metrics | false |
enabled: false
statefulset:
enabled: true
replicas:
podAnnotations:
## @md | `sawtooth.minReadySeconds` | the minimum time a pod must be Running before proceeding on a rolling update | 120 |
minReadySeconds: 120
## @md | `sawtooth.maxUnavailable` | maximum number of pods allowed down on a rollout or update | 1 |
maxUnavailable: 1
containers:
block_info:
## @md | `sawtooth.containers.block_info.args` | extra args for block-info-tp | nil |
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-block-info-tp
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
devmode_engine:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-devmode-engine-rust
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
identity_tp:
## @md | `sawtooth.containers.identity_tp.args` | extra args for identity-tp | nil |
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-identity-tp
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
intkey_tp:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-intkey-tp-go
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
monitor:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-shell
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "100m"
requests:
cpu: "100m"
pbft_engine:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-pbft-engine
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
poet_engine:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-poet-engine
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
poet_validator_registry_tp:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-poet-validator-registry-tp
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
poet_registration:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-poet-cli
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
raft_engine:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-raft-engine
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
rest_api:
## @md | `sawtooth.containers.rest_api.args` | extra args for rest-api | nil |
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-rest-api
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
seth_rpc:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-seth-rpc
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
seth_tp:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-seth-tp
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
settings_tp:
## @md | `sawtooth.containers.settings_tp.args` | extra args for settings-tp | nil |
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-settings-tp
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
smallbank_tp:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-smallbank-tp-go
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
validator:
## @md | `sawtooth.containers.validator.args` | extra args for validator | nil |
args:
## @md | `sawtooth.containers.validator.env` | list of environment name/value dicts | nil |
env:
- name: RUST_BACKTRACE
value: "1"
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-validator
tag: BTP2.1.0
logLevel:
resources: {}
xo_tp:
args:
env:
image:
pullPolicy:
registry:
repository: blockchaintp/sawtooth-xo-tp-go
tag: BTP2.1.0
logLevel:
resources:
limits:
cpu: "250m"
requests:
cpu: "50m"
perNodeServiceType: ClusterIP
persistence:
enabled: true
annotations:
accessModes:
- "ReadWriteOnce"
storageClass:
size: 40Gi
ports:
## @md | `sawtooth.ports.sawnet` | port for the sawtooth validator network | 8800 |
sawnet: 8800
## @md | `sawtooth.ports.consensus` | port for the sawtooth consensus network | 5050 |
consensus: 5050
## @md | `sawtooth.ports.sawcomp` | port for the sawtooth component network | 4004 |
sawcomp: 4004
## @md | `sawtooth.ports.rest` | port for the sawtooth rest-api | 8008 |
rest: 8008
livenessProbe:
## @md | `sawtooth.livenessProbe.enabled` | whether to run the livenessProbe on the validator | false |
enabled: false
## @md | `sawtooth.livenessProbe.initialDelaySeconds` | seconds to wait before running the liveness probe the first time | 300 |
initialDelaySeconds: 300
## @md | `sawtooth.livenessProbe.periodSeconds` | interval in seconds to re-run the liveness probe | 120 |
periodSeconds: 120
## @md | `sawtooth.livenessProbe.active` | if false, the liveness probe will run and evaluate the the situation, but always return successfully | string | "false"
active: "false"
## @md | `sawtooth.livenessProbe.exitSignals` | when restarting due to a livenessProbe failure, the validator pod has a "signal" system which will cause it to restart the named containers in this var | "block-info-tp" |
exitSignals: "block-info-tp pbft-engine"
heartbeat:
## @md | `sawtooth.heartbeat.interval` | interval in seconds to issue a heartbeat | 300 |
interval: 300
## @md | `sawtooth.permissioned` | Whether to run this chain as a permissioned chain or not | false |
permissioned: false
# This MUST be chosen by the user
# Follows DNS naming rules
## @md | `sawtooth.namespace` | namespace to render these templates into (deprecated) | "prod" |
namespace: prod
# This MUST be chosen by the user.
# Follows DNS naming rules
## @md | `sawtooth.networkName` | name of this sawtooth network (deprecated) | "mynetwork" |
networkName: mynetwork
# serial or parallel
## @md | `sawtooth.scheduler` | name of the sawtooth transaction scheduler to use | string | "serial"
scheduler: serial
# 100 - DevMode, 200 - PoET,300 - Raft, 400 - pbft
# Engines can be enabled, but they aren't active unless they are selected
# as the consensus algorithm.
## @md | `sawtooth.consensus` | id of the the consensus algorithm to use< valid values: 100:DevMode, 200, PoET, 300 - Raft, 400, PBFT | int | 200
consensus: 200
genesis:
## @md | `sawtooth.genesis.enabled` | If true, and the cluster is starting for the first time, then a node will be selected to create and submit the genesis block | true |
enabled: true
## @md | `sawtooth.genesis.seed` | The seed is an arbitrary string which identifies a given genesis If the data of a given set of nodes is to be wiped out, change this value. | "9a2de774-90b5-11e9-9df0-87e889b0f1c9" |
seed: "9a2de774-90b5-11e9-9df0-87e889b0f1c9"
## @md | `sawtooth.dynamicPeering` | Dynamic Peering should default to false, since it is a bit unreliable | false |
dynamicPeering: false
## @md | `sawtooth.externalSeeds` | a list of maps defining validator endpoints external to this deployment | [] |
externalSeeds: []
seth:
# This should default to false, there appear to be problems with the required
# block_info block injector that this depends upon
## @md | `sawtooth.seth.enabled` | enabled sawtooth-seth | false |
enabled: false
xo:
# default this to false since you probably don't want it in real life
## @md | `sawtooth.xo.enabled` | enabled sawtooth-xo-tp | false |
enabled: false
smallbank:
# default this to false since you probably don't want it in real life
## @md | `sawtooth.smallbank.enabled` | enabled sawtooth-smallbank-tp | false |
enabled: false
volumes:
# This MUST be set, and SHOULD be presented to the user as an option, as it is a likely area
# of customization
## @md | `sawtooth.hostPathBaseDir` | all sawtooth hostPath directories will be based here | string | /var/lib/btp
hostPathBaseDir: /var/lib/btp/
# This is an arbitrary cool down period to wait for validators to initialize
# before starting any client operations
## @md | `sawtooth.client_wait` | arbitrary delay to validator client startup, such as the rest-api | 90 |
client_wait: 90
## @md | `sawtooth.customTPs` | a list of [custom tp definitions](#custom-tp-definitions) | nil |
customTPs:
# A list of basic container definitions
# - name: intkey-tp
# image: "blockchaintp/sawtooth-intkey-tp-go:1.0.5"
# command: [ "bash", "-c" ]
# args: [ "intkey-tp-go -v --connect tcp://localhost:4004" ]
## @md | `sawtooth.affinity` | custom affinity rules for the sawtooth validator deamonset | nil |
affinity: {}
serviceAccount:
create: true
name:
# The below are mostly controlled by BTP, although an "advanced" option to customize them may be
# presented
## @md | `images` | a map containing all of the image urls used by this template| N/A |
images:
## @md
## @md ## Images
## @md
## @md | field | default |
## @md |- |- |
## @md | `images.devmode_engine` | blockchaintp/sawtooth-devmode-engine-rust:BTP2.1.0
devmode_engine:
## @md | `images.pbft_engine` | blockchaintp/sawtooth-pbft-engine:BTP2.1.0
pbft_engine:
## @md | `images.poet_cli` | blockchaintp/sawtooth-poet-cli:BTP2.1.0
poet_cli:
## @md | `images.poet_engine` | blockchaintp/sawtooth-poet-engine:BTP2.1.0
poet_engine:
## @md | `images.poet_validator_registry_tp` | blockchaintp/sawtooth-poet-validator-registry-tp:BTP2.1.0
poet_validator_registry_tp:
## @md | `images.raft_engine` | blockchaintp/sawtooth-raft-engine:BTP2.1.0
raft_engine:
## @md | `images.block_info_tp` | blockchaintp/sawtooth-block-info-tp:BTP2.1.0
block_info_tp:
## @md | `images.identity_tp` | blockchaintp/sawtooth-identity-tp:BTP2.1.0
identity_tp:
## @md | `images.intkey_tp` | blockchaintp/sawtooth-intkey-tp-go:BTP2.1.0
intkey_tp:
## @md | `images.settings_tp` | blockchaintp/sawtooth-settings-tp:BTP2.1.0
settings_tp:
## @md | `images.shell` | blockchaintp/sawtooth-shell:BTP2.1.0
shell:
## @md | `images.smallbank_tp` | blockchaintp/sawtooth-smallbank-tp-go:BTP2.1.0
smallbank_tp:
## @md | `images.validator` | blockchaintp/sawtooth-validator:BTP2.1.0
validator:
## @md | `images.xo_tp` | blockchaintp/sawtooth-xo-tp-go:BTP2.1.0
xo_tp:
## @md | `images.rest_api` | blockchaintp/sawtooth-rest-api:BTP2.1.0
rest_api:
## @md | `images.seth_rpc` | blockchaintp/sawtooth-seth-rpc:BTP2.1.0
seth_rpc:
## @md | `images.seth_tp` | blockchaintp/sawtooth-seth-tp:BTP2.1.0
seth_tp:
## @md | `images.xo_demo` | blockchaintp/xo-demo:BTP2.1.0
xo_demo:
## @md
## @md ## Custom TP Definitions
## @md
## @md Custom TP definitions are describe using maps with the following fields
## @md
## @md | field | description | default |
## @md |-|-|-|
## @md | `name` | name of the custom tp container(must be unique within the pod) | nil |
## @md | `image` | url of the image for this tp | nil |
## @md | `command` | list of command tokens for this tp | list | nil
## @md | `arg` | list of arguments to the command | nil] |
## @md | `extraVolumes` | a list of additional volumes to add to all StatefulSets, Deployments, and DaemonSets | `[]` |
extraVolumes: []
## @md | `extraVolumeMounts` | a list of additional volume mounts to add to all StatefulSet, Deployment, and DaemonSet containers | `[]` |
extraVolumeMounts: []


@ -1,6 +0,0 @@
dependencies:
- name: common
repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
version: 1.8.0
digest: sha256:bdd898d81e711e825f3bfc9e0b0e0668382ff1ff02d74874b6b6997ae0bbc9ce
generated: "2022-06-17T20:57:49.357553367Z"


@ -1,10 +0,0 @@
apiVersion: v2
appVersion: 0.1.0
dependencies:
- name: common
repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
version: ~1.8.0
description: BTP Standard Template definitions and dependencies
name: standard-defs
type: library
version: 0.1.3


@ -1,22 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,23 +0,0 @@
annotations:
category: Infrastructure
apiVersion: v2
appVersion: 1.8.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/master/bitnami/common
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
keywords:
- common
- helper
- template
- function
- bitnami
maintainers:
- email: containers@bitnami.com
name: Bitnami
name: common
sources:
- https://github.com/bitnami/charts
- http://www.bitnami.com/
type: library
version: 1.8.0


@ -1,327 +0,0 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts.
## TL;DR
```yaml
dependencies:
- name: common
version: 0.x.x
repository: https://charts.bitnami.com/bitnami
```
```bash
$ helm dependency update
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
```
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.
## Prerequisites
- Kubernetes 1.12+
- Helm 3.1.0
## Parameters
The following table lists the helpers available in the library which are scoped in different sections.
### Affinities
| Helper identifier | Description | Expected Input |
|-------------------------------|------------------------------------------------------|------------------------------------------------|
| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
### Capabilities
| Helper identifier | Description | Expected Input |
|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for policy | `.` Chart context |
| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
### Errors
| Helper identifier | Description | Expected Input |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
### Images
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
### Ingress
| Helper identifier | Description | Expected Input |
|-------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
### Labels
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|-------------------|
| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context |
### Names
| Helper identifier | Description | Expected Inpput |
|-------------------------|------------------------------------------------------------|-------------------|
| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
| `common.names.chart` | Chart name plus version | `.` Chart context |
### Secrets
| Helper identifier | Description | Expected Input |
|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
### Storage
| Helper identifier | Description | Expected Input |
|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
### TplValues
| Helper identifier | Description | Expected Input |
|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
### Utils
| Helper identifier | Description | Expected Input |
|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
### Validations
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis&trade; are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB&reg; are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
### Warnings
| Helper identifier | Description | Expected Input |
|------------------------------|----------------------------------|------------------------------------------------------------|
| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
## Special input schemas
### ImageRoot
```yaml
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
```
### Persistence
```yaml
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
```
### ExistingSecret
```yaml
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
```
#### Example of use
When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
```yaml
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
```
### ValidateValue
#### NOTES.txt
```console
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
```
If we force those values to be empty we will see some alerts
```console
$ helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode)
```
## Upgrading
### To 1.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/


@ -1,102 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return a soft nodeAffinity definition
{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.soft" -}}
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
weight: 1
{{- end -}}
{{/*
Return a hard nodeAffinity definition
{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.hard" -}}
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
{{- end -}}
{{/*
Return a nodeAffinity definition
{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.nodes.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.nodes.hard" . -}}
{{- end -}}
{{- end -}}
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
namespaces:
- {{ .context.Release.Namespace | quote }}
topologyKey: kubernetes.io/hostname
weight: 1
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
namespaces:
- {{ .context.Release.Namespace | quote }}
topologyKey: kubernetes.io/hostname
{{- end -}}
{{/*
Return a podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.pods" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.pods.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
{{- end -}}


@ -1,117 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "common.capabilities.kubeVersion" -}}
{{- if .Values.global }}
{{- if .Values.global.kubeVersion }}
{{- .Values.global.kubeVersion -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for policy.
*/}}
{{- define "common.capabilities.policy.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "policy/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cronjob.
*/}}
{{- define "common.capabilities.cronjob.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "batch/v1beta1" -}}
{{- else -}}
{{- print "batch/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.apiVersion -}}
{{- .Values.ingress.apiVersion -}}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for RBAC resources.
*/}}
{{- define "common.capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for CRDs.
*/}}
{{- define "common.capabilities.crd.apiVersion" -}}
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiextensions.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiextensions.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
**To be removed when the catalog's minimun Helm version is 3.3**
*/}}
{{- define "common.capabilities.supportsHelmVersion" -}}
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
{{- true -}}
{{- end -}}
{{- end -}}


@ -1,23 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
{{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
{{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
{{- $errorString = print $errorString "\n%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}


@ -1,75 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $tag := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- if $registryName }}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- else -}}
{{- printf "%s:%s" $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names evaluating values as templates
{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
*/}}
{{- define "common.images.renderPullSecrets" -}}
{{- $pullSecrets := list }}
{{- $context := .context }}
{{- if $context.Values.global }}
{{- range $context.Values.global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}


@ -1,55 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate backend entry that is compatible with all Kubernetes API versions.
Usage:
{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
Params:
- serviceName - String. Name of an existing service backend
- servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.ingress.backend" -}}
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
serviceName: {{ .serviceName }}
servicePort: {{ .servicePort }}
{{- else -}}
service:
name: {{ .serviceName }}
port:
{{- if typeIs "string" .servicePort }}
name: {{ .servicePort }}
{{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
number: {{ .servicePort | int }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Print "true" if the API pathType field is supported
Usage:
{{ include "common.ingress.supportsPathType" . }}
*/}}
{{- define "common.ingress.supportsPathType" -}}
{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the ingressClassname field is supported
Usage:
{{ include "common.ingress.supportsIngressClassname" . }}
*/}}
{{- define "common.ingress.supportsIngressClassname" -}}
{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}


@ -1,18 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "common.labels.standard" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "common.labels.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}


@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}


@ -1,129 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.names.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- with .existingSecret -}}
{{- if not (typeIs "string" .) -}}
{{- with .name -}}
{{- $name = . -}}
{{- end -}}
{{- else -}}
{{- $name = . -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if not (typeIs "string" .existingSecret) -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Generate secret password or retrieve one if already created.
Usage:
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- length - int - Optional - Length of the generated random password.
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.passwords.manage" -}}
{{- $password := "" }}
{{- $subchart := "" }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
{{- if $secret }}
{{- if index $secret.data .key }}
{{- $password = index $secret.data .key }}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
{{- $subchart = $chartName }}
{{- end -}}
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- $passwordValidationErrors := list $requiredPasswordError -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
{{- if .strong }}
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- printf "%s" $password -}}
{{- end -}}
{{/*
Returns whether a previous generated secret already exists
Usage:
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.exists" -}}
{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
{{- if $secret }}
{{- true -}}
{{- end -}}
{{- end -}}


@ -1,23 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Storage Class
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
*/}}
{{- define "common.storage.class" -}}
{{- $storageClass := .persistence.storageClass -}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- $storageClass = .global.storageClass -}}
{{- end -}}
{{- end -}}
{{- if $storageClass -}}
{{- if (eq "-" $storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" $storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}


@ -1,13 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Renders a value that contains template.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}


@ -1,62 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}


@ -1,14 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Warning about using rolling tag.
Usage:
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
*/}}
{{- define "common.warnings.rollingTag" -}}
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}


@ -1,72 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Cassandra required passwords are not empty.
Usage:
{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.cassandra.passwords" -}}
{{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
{{- $enabled := include "common.cassandra.values.enabled" . -}}
{{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
{{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.dbUser.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled cassandra.
Usage:
{{ include "common.cassandra.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.cassandra.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.cassandra.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key dbUser
Usage:
{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.key.dbUser" -}}
{{- if .subchart -}}
cassandra.dbUser
{{- else -}}
dbUser
{{- end -}}
{{- end -}}


@ -1,103 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MariaDB required passwords are not empty.
Usage:
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mariadb.passwords" -}}
{{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mariadb.values.enabled" . -}}
{{- $architecture := include "common.mariadb.values.architecture" . -}}
{{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mariadb.
Usage:
{{ include "common.mariadb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mariadb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mariadb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.key.auth" -}}
{{- if .subchart -}}
mariadb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}


@ -1,108 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MongoDB&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MongoDB&reg; values are stored, e.g: "mongodb-passwords-secret"
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mongodb.passwords" -}}
{{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mongodb.values.enabled" . -}}
{{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
{{- $architecture := include "common.mongodb.values.architecture" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
{{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
{{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
{{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
{{- if and $valueUsername $valueDatabase -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replicaset") -}}
{{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mongodb.
Usage:
{{ include "common.mongodb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mongodb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mongodb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.key.auth" -}}
{{- if .subchart -}}
mongodb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}


@ -1,131 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate PostgreSQL required passwords are not empty.
Usage:
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.postgresql.passwords" -}}
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
{{- $enabled := include "common.postgresql.values.enabled" . -}}
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
{{- if and (not $existingSecret) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
{{- if (eq $enabledReplication "true") -}}
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to decide whether evaluate global values.
Usage:
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
Params:
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
*/}}
{{- define "common.postgresql.values.use.global" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.postgresql -}}
{{- index .context.Values.global.postgresql .key | quote -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.existingSecret" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
{{- if .subchart -}}
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
{{- else -}}
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled postgresql.
Usage:
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key postgressPassword.
Usage:
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.postgressPassword" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
{{- if not $globalValue -}}
{{- if .subchart -}}
postgresql.postgresqlPassword
{{- else -}}
postgresqlPassword
{{- end -}}
{{- else -}}
global.postgresql.postgresqlPassword
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled.replication.
Usage:
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.enabled.replication" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.replication.enabled -}}
{{- else -}}
{{- printf "%v" .context.Values.replication.enabled -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key replication.password.
Usage:
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.replicationPassword" -}}
{{- if .subchart -}}
postgresql.replication.password
{{- else -}}
replication.password
{{- end -}}
{{- end -}}


@ -1,76 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Redis&trade; required passwords are not empty.
Usage:
{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.redis.passwords" -}}
{{- $enabled := include "common.redis.values.enabled" . -}}
{{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
{{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
{{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
{{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
{{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
{{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
{{- if and (not $existingSecretValue) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
{{- if eq $useAuth "true" -}}
{{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled redis.
Usage:
{{ include "common.redis.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.redis.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.redis.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right prefix path for the values
Usage:
{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.redis.values.keys.prefix" -}}
{{- if .subchart -}}redis.{{- else -}}{{- end -}}
{{- end -}}
{{/*
Checks whether the redis chart's includes the standarizations (version >= 14)
Usage:
{{ include "common.redis.values.standarized.version" (dict "context" $) }}
*/}}
{{- define "common.redis.values.standarized.version" -}}
{{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
{{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
{{- if $standarizedAuthValues -}}
{{- true -}}
{{- end -}}
{{- end -}}


@ -1,46 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- subchart - String - Optional - Name of the subchart that the validated password is part of.
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}


@ -1,5 +0,0 @@
## bitnami/common
## It is required by CI/CD tools and processes.
## @skip exampleValue
##
exampleValue: common-chart


@ -1,101 +0,0 @@
{{/*
include "ingress" (dict "ingressName" "myingress" "ingress" path.to.ingress "serviceName" "the-service" "servicePort" 9090 "context" $)
ingress:
enabled: true
certManager: false
pathType: ImplementationSpecific
apiVersion: ""
hostname: theservice.local
path: /
annotations: {}
tls: false
extraHosts: []
extraPaths: []
extraTls: []
secrets: []
*/}}
{{- define "lib.ingress" -}}
{{- $ctx := .context -}}
{{- $ingressName := .ingressName -}}
{{- $serviceName := .serviceName -}}
{{- $servicePort := .servicePort -}}
{{- $extraPaths := .ingress.extraPaths -}}
{{- if .ingress.enabled -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" $ctx }}
kind: Ingress
metadata:
name: {{ $ingressName }}
namespace: {{ $ctx.Release.Namespace | quote }}
labels: {{- include "common.labels.standard" $ctx | nindent 4 }}
{{- if $ctx.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonLabels "context" $ctx ) | nindent 4 }}
{{- end }}
annotations:
{{- if .ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .ingress.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .ingress.annotations "context" $ctx ) | nindent 4 }}
{{- end }}
{{- if $ctx.Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonAnnotations "context" $ctx ) | nindent 4 }}
{{- end }}
spec:
rules:
{{- if .ingress.hostname }}
- host: {{ .ingress.hostname }}
http:
paths:
- path: {{ .ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: {{ default "ImplementationSpecific" .ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- include "lib.safeToYaml" $extraPaths | nindent 10 }}
{{- end }}
{{- range .ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- include "lib.safeToYaml" $extraPaths | nindent 10 }}
{{- end }}
{{/* .ingress.hosts is deprecated */}}
{{- range .ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- if .path }}
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- end }}
{{- range .paths }}
- path: {{ . | quote }}
{{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
pathType: ImplementationSpecific
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
{{- end }}
{{- end }}
{{/* .ingress.hosts is deprecated */}}
{{- if or .ingress.tls .ingress.extraTls }}
tls:
{{- if .ingress.tls }}
- hosts:
- {{ .ingress.hostname }}
secretName: {{ printf "%s-tls" .ingress.hostname }}
{{- end }}
{{- if .ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .ingress.extraTls "context" $ctx ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}


@ -1,51 +0,0 @@
{{/*
Call a template function in the context of a sub-chart, as opposed to the
current context of the caller
{{ include "lib.call-nested" (list . "subchart" "template_name") }}
*/}}
{{- define "lib.call-nested" }}
{{- $dot := index . 0 }}
{{- $subchart := index . 1 | splitList "." }}
{{- $template := index . 2 }}
{{- $values := $dot.Values }}
{{- range $subchart }}
{{- $values = index $values . }}
{{- end }}
{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "lib.labels" -}}
helm.sh/chart: {{ include "common.names.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{ include "common.labels.matchLabels" . }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "lib.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Given a variable, if it is not false, output as Yaml
include "lib.safeToYaml" .Values.something
*/}}
{{- define "lib.safeToYaml" -}}
{{- if . -}}
{{ toYaml . }}
{{- end -}}
{{- end -}}


@ -1,50 +0,0 @@
{{/*
Given a setup like the following:
# global and on down are optional
global:
image:
registry: my-registry.com
tag: latest
# This is the imageRoot
somecomponent:
image:
registry: my-other-registry.com
tag: 1.0.0
repository: bobs/coolthing
*/}}
{{/*
{{ include "lib.image.url" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
*/}}
{{- define "lib.image.url" -}}
{{- $globalRegistryName := "" -}}
{{- $globalTag := "latest" -}}
{{- if .global -}}
{{- if .global.image -}}
{{- if .global.image.registry -}}
{{- $globalRegistryName = .global.image.registry -}}
{{- end -}}
{{- if .global.image.tag -}}
{{- $globalTag = .global.image.tag -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $repository := .imageRoot.repository -}}
{{- $registry := default $globalRegistryName .imageRoot.registry -}}
{{- $tag := default $globalTag .imageRoot.tag -}}
{{- if $registry -}}
{{- printf "%s/%s:%s" $registry $repository $tag -}}
{{- else -}}
{{- printf "%s:%s" $repository $tag -}}
{{- end -}}
{{- end -}}
{{/*
{{ include "utils.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
*/}}
{{- define "lib.image" -}}
image: {{ include "lib.image.url" . }}
imagePullPolicy: {{ default "IfNotPresent" .imageRoot.pullPolicy }}
{{- end -}}


@ -1,34 +0,0 @@
{{/*
given a variable list, create a list of volumes
extraVolumes:
- name: pv-data
persistentVolumeClaim:
claimName: pvc-persistent-cfg
- name: scratch
emptyDir: {}
include "lib.volumes" .Values.extraVolumes
*/}}
{{- define "lib.volumes" -}}
{{ include "lib.safeToYaml" . }}
{{- end -}}
{{/*
given a variable list, create a list of volumeMounts
extraVolumeMounts:
- name: pv-data
mountPath: /data
- name: scratch
mountPath: /scratch
include "lib.volumeMounts" .Values.extraVolumeMounts
*/}}
{{- define "lib.volumeMounts" -}}
{{ include "lib.safeToYaml" . }}
{{- end -}}


@ -1 +0,0 @@
exampleValue: example


@ -1,130 +0,0 @@
questions:
# Chronicle
- variable: image.repository
default: ""
required: false
type: string
label: Chronicle docker repository
description: The Chronicle docker repository to use. This may be domain specific, see https://docs.btp.works/chronicle
group: "Chronicle Settings"
- variable: image.tag
default: ""
required: false
type: string
label: Chronicle Image tag
description: The Chronicle docker image tag to use.
group: "Chronicle Settings"
- variable: webUi
default: false
required: false
type: boolean
label: Enable Web UI
description: Enables the graphql playground interface for development use.
group: "Chronicle Settings"
# Ingress Settings
- variable: ingress.enabled
default: "false"
required: false
type: boolean
label: Enable Chronicle ingress
description: Enable an ingress for the Chronicle service.
group: "Ingress Settings"
show_subquestion_if: true
subquestions:
- variable: ingress.hostname
default: ""
required: false
type: string
label: Ingress hostname
description: Primary hostname for the ingress.
group: "Ingress Settings"
- variable: ingress.path
default: ""
required: false
type: string
label: Hostname Path
description: Path for the ingress's primary hostname.
group: "Ingress Settings"
- variable: ingress.pathType
default: ""
required: false
type: string
label: Hostname PathType
description: PathType for the ingress's primary hostname.
group: "Ingress Settings"
- variable: ingress.certManager
default: "false"
required: false
type: boolean
label: Enable the acme certmanager for this ingress
description: Enable the acme certmanager for this ingress.
group: "Ingress Settings"
- variable: ingress.annotations
default: ""
required: false
type: string
label: Ingress annotations
description: Annotations for the ingress.
group: "Ingress Settings"
- variable: ingress.tls
default: false
required: false
type: boolean
label: Ingress TLS
description: Enable tls on the ingress with a secrete at hostname-tls.
group: "Ingress Settings"
# Chronicle database settings
- variable: postgres.persistence.enabled
default: "true"
type: boolean
required: true
label: Postgres persistance
description: Allocate a PVC for the internal Postgres instance
group: "Database settings"
- variable: postgres.enabled
default: "true"
required: true
type: boolean
label: Use internal postgres database
description: Create an internal Postgres instance for Chronicle, or if not supply details of an external Postgres.
group: "Database settings"
show_subquestion_if: false
subquestions:
- variable: postgres.user
default: "postgres"
required: true
type: string
label: Postgres user
description: User for the Postgres database
group: "Database settings"
- variable: postgres.host
default: "localhost"
required: true
type: string
label: Postgres host
description: Host for the Postgres database
group: "Database settings"
- variable: postgres.database
default: "postgres"
required: true
type: string
label: Database name
description: Database name for the Postgres database
group: "Database settings"
- variable: postgres.port
default: "5432"
required: true
type: int
label: Postgres port
description: Port for the Postgres database
group: "Database settings"
- variable: postgres.password
default: "postgres"
required: true
type: password
label: Postgres password
description: Password for the Postgres database
group: "Database settings"


@ -1,130 +0,0 @@
{{- define "chronicle.replicas" -}}
{{ .Values.replicas }}
{{- end -}}
{{- define "tp.replicas" -}}
{{ include "lib.call-nested" (list . "sawtooth" "sawtooth.replicas") | int }}
{{- end -}}
{{- define "chronicle.service.name" -}}
{{- $svc := include "common.names.fullname" . -}}
{{ printf "%s" $svc }}
{{- end -}}
{{- define "chronicle.labels.matchLabels" -}}
{{ include "common.labels.matchLabels" . }}
{{ include "chronicle.labels.appLabels" . }}
{{- end -}}
{{- define "chronicle.labels.appLabels" -}}
app: {{ include "common.names.fullname" . }}
chronicle: {{ include "common.names.fullname" . }}
{{- end -}}
{{- define "chronicle.labels" -}}
{{ include "lib.labels" . }}
{{ include "chronicle.labels.appLabels" . }}
{{- end -}}
{{- define "chronicle.sawtooth.sawcomp" -}}
{{ include "lib.call-nested" (list . "sawtooth" "sawtooth.ports.sawcomp") | int }}
{{- end -}}
{{- define "chronicle.sawtooth.rest" -}}
{{ include "lib.call-nested" (list . "sawtooth" "sawtooth.ports.rest") | int }}
{{- end -}}
{{- define "chronicle.sawtooth.service" -}}
{{- $svc := include "lib.call-nested" (list . "sawtooth" "common.names.fullname") -}}
{{- $ns := .Release.Namespace -}}
{{- $domain := "svc.cluster.local" -}}
{{ printf "%s.%s.%s" $svc $ns $domain }}
{{- end -}}
{{- define "chronicle.affinity" -}}
{{- if .Values.affinity -}}
{{- toYaml .Values.affinity }}
{{- end -}}
{{- end -}}
{{- define "chronicle.api.service" -}}
{{ include "chronicle.service.name" . }}-chronicle-api
{{- end -}}
{{- define "chronicle.id-provider.service" -}}
{{ include "common.names.fullname" . }}-test-id-provider
{{- end -}}
{{- define "chronicle.id-provider.service.jwks.url" -}}
http://{{ include "chronicle.id-provider.service" . }}:8090/jwks
{{- end -}}
{{- define "chronicle.id-provider.service.userinfo.url" -}}
http://{{ include "chronicle.id-provider.service" . }}:8090/userinfo
{{- end -}}
{{- define "chronicle.id-claims" -}}
{{- if .Values.auth.id.claims -}}
--id-claims {{ .Values.auth.id.claims }} \
{{- else -}}
{{- /* Do nothing */ -}}
{{- end -}}
{{- end -}}
{{/* The JWKS and userinfo URLs are connected. */}}
{{/* If either is provided Chronicle will use the user-provided options. */}}
{{/* If neither is provided Chronicle should fall back to using the 'devIdProvider'.*/}}
{{- define "chronicle.jwks-url.url" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.jwks.url -}}
{{ .Values.auth.jwks.url }}
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
{{ include "chronicle.id-provider.service.jwks.url" . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "chronicle.jwks-url.cli" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.jwks.url -}}
--jwks-address {{ include "chronicle.jwks-url.url" . }} \
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
--jwks-address {{ include "chronicle.jwks-url.url" . }} \
{{- end -}}
{{- end -}}
{{- end -}}
{{/* The JWKS and userinfo URLs are connected. */}}
{{/* If either is provided Chronicle will use the user-provided options. */}}
{{/* If neither is provided Chronicle should fall back to using the 'devIdProvider'.*/}}
{{- define "chronicle.userinfo-url" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.userinfo.url -}}
{{ .Values.auth.userinfo.url }}
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
{{ include "chronicle.id-provider.service.userinfo.url" . }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "chronicle.userinfo-url.cli" -}}
{{- if or (.Values.auth.jwks.url) (.Values.auth.userinfo.url) -}}
{{- if .Values.auth.userinfo.url -}}
--userinfo-address {{ include "chronicle.userinfo-url" . }} \
{{- end -}}
{{- else -}}
{{- if .Values.devIdProvider.enabled -}}
--userinfo-address {{ include "chronicle.userinfo-url" . }} \
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "chronicle.root-key.secret" -}}
{{ include "common.names.fullname" . }}-root-key
{{- end -}}


@ -1,44 +0,0 @@
{{/*
{{ include "utils.image.url" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
*/}}
{{- define "utils.image.url" -}}
{{- $globalRegistryName := default "index.docker.io" .global.image.registry -}}
{{- $repository := .imageRoot.repository -}}
{{- $registryName := default $globalRegistryName .imageRoot.registry -}}
{{- $tag := default .global.image.tag .imageRoot.tag -}}
{{- printf "%s/%s:%s" $registryName $repository $tag -}}
{{- end -}}
{{/*
{{ include "utils.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
*/}}
{{- define "utils.image" -}}
image: {{ include "utils.image.url" . }}
imagePullPolicy: {{ default "IfNotPresent" .imageRoot.pullPolicy }}
{{- end -}}
{{/* */}}
{{- define "utils.hostaliases" -}}
{{- if .Values.hostAliases -}}
{{ toYaml .Values.hostAliases }}
{{- end -}}
{{- end -}}
{{- define "utils.k8s.image" -}}
{{- include "utils.image" (dict "imageRoot" .Values.utils.k8s.image "global" .Values.global) -}}
{{- end -}}
{{/*
{{ include "utils.call-nested" (list . "subchart" "template_name") }}
*/}}
{{- define "utils.call-nested" }}
{{- $dot := index . 0 }}
{{- $subchart := index . 1 | splitList "." }}
{{- $template := index . 2 }}
{{- $values := $dot.Values }}
{{- range $subchart }}
{{- $values = index $values . }}
{{- end }}
{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
{{- end }}


@ -1,17 +0,0 @@
---
{{$stlServiceName := include "lib.call-nested" (list . "sawtooth" "common.names.fullname")}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{.Release.Name}}-chronicle-config
data:
config.toml: |
[secrets]
path = "/var/lib/chronicle/secrets/"
[store]
path = "/var/lib/chronicle/store/"
address = "postgresql://{{ .Values.postgres.user }}@{{ .Values.postgres.host }}:5432/{{ .Values.postgres.database }}"
[validator]
address = "tcp://{{ include "chronicle.sawtooth.service" . }}:{{ include "chronicle.sawtooth.sawcomp" . }}"
[namespace_bindings]
default = "fd717fd6-70f1-44c1-81de-287d5e101089"


@ -1,228 +0,0 @@
{{$stlServiceName := include "lib.call-nested" (list . "sawtooth" "common.names.fullname")}}
---
apiVersion: batch/v1
kind: Job
metadata:
annotations:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
name: {{ include "common.names.fullname" . }}-init
labels: {{ include "chronicle.labels" . | nindent 4 }}
component: chronicle
spec:
template:
metadata:
labels: {{ include "chronicle.labels" . | nindent 8 }}
component: chronicle
spec:
restartPolicy: Never
serviceAccountName: {{ include "lib.serviceAccountName" . }}
automountServiceAccountToken: true
volumes: {{- include "lib.volumes" .Values.opa.tp.extraVolumes | nindent 8 }}
- name: shared-data
emptyDir: {}
initContainers:
- name: get-secret
image: alpine/k8s:1.24.13
command: [ "sh", "-ec" ]
args:
- |
if kubectl get secret {{ include "chronicle.root-key.secret" . }} -n {{.Release.Namespace}} >/dev/null 2>&1; then
echo "Secret found."
kubectl get secret {{ include "chronicle.root-key.secret" . }} -n {{.Release.Namespace}} -o jsonpath='{.data.*}' | base64 -d > /shared-data/root.pem
touch /shared-data/secret-found
else
echo "Secret not found."
fi
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: generate-secret
{{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }}
command: [ "bash", "-ec"]
args:
- |
if [[ ! -f "/shared-data/root.pem" ]]; then
echo "Generating new root key."
opactl generate --output /shared-data/root.pem
else
echo "Root key already exists."
fi
env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }}
- name: RUST_LOG
value: {{ .Values.logLevel }}
- name: RUST_BACKTRACE
value: {{ .Values.backtraceLevel }}
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: create-secret
image: alpine/k8s:1.24.13
command: [ "sh", "-ec" ]
args:
- |
if [ -f "/shared-data/secret-found" ]; then
echo "Secret already exists."
else
echo "Creating k8s secret from key."
kubectl create secret generic {{ include "chronicle.root-key.secret" . }} \
-n {{ .Release.Namespace }} \
--from-file=/shared-data/root.pem
fi
volumeMounts:
- name: shared-data
mountPath: /shared-data
{{ if .Values.opa.enabled }}
- name: opa-bootstrap-root
{{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }}
command: [ "bash", "-ec"]
args:
- |
wait-for-it $HOST:$PORT --timeout=0
echo "Waiting to ensure Sawtooth validator is ready ..."
sleep 100
if [[ -f "/shared-data/secret-found" ]]; then
echo "Skipping root key bootstrap."
else
opactl \
--sawtooth-address tcp://$HOST:$PORT \
bootstrap \
--root-key /shared-data/root.pem
fi
env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }}
- name: HOST
value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
- name: PORT
value: "{{ include "chronicle.sawtooth.sawcomp" . }}"
- name: RUST_LOG
value: {{ .Values.logLevel }}
- name: RUST_BACKTRACE
value: {{ .Values.backtraceLevel }}
volumeMounts:
- name: shared-data
mountPath: /shared-data
{{ if .Values.opa.policy.url }}
- name: wait-for-sawtooth-rest-api
{{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }}
command: [ "bash", "-ec"]
args:
- |
wait-for-it $HOST:$PORT --timeout=0
echo "Sawtooth rest API is ready."
env:
- name: HOST
value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
- name: PORT
value: "{{ include "chronicle.sawtooth.rest" . }}"
- name: RUST_LOG
value: {{ .Values.logLevel }}
- name: RUST_BACKTRACE
value: {{ .Values.backtraceLevel }}
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: opa-settings
{{- include "lib.image" (dict "imageRoot" .Values.sawset.image "global" .Values.global ) | nindent 10 }}
command: [ "bash", "-ec"]
args:
- |
if sawtooth settings list --url http://$HOST:$PORT | grep -q "chronicle.opa.policy_name"; then
echo "Skipping setting Sawtooth OPA settings."
exit 0
else
echo "Creating Sawtooth settings batch."
sawset proposal create \
-k /etc/sawtooth/keys/{{ $stlServiceName }}-0 \
chronicle.opa.policy_name={{ required "opa.policy.id required!" .Values.opa.policy.id }} \
chronicle.opa.entrypoint={{ required "opa.policy.entrypoint required!" .Values.opa.policy.entrypoint }} \
-o /shared-data/opa-settings.batch
echo "Submitting Sawtooth OPA settings batch."
sawtooth batch submit \
-f /shared-data/opa-settings.batch \
--url http://$HOST:$PORT \
--wait 60
fi
env:
- name: HOST
value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
- name: PORT
value: "{{ include "chronicle.sawtooth.rest" . }}"
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: validator-secret
mountPath: /etc/sawtooth/keys
readOnly: true
- name: get-policy
{{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }}
command: [ "bash", "-ec"]
args:
- |
if opactl \
--sawtooth-address tcp://$HOST:$PORT \
get-policy \
--id {{ .Values.opa.policy.id }} \
--output policy.bin >/dev/null 2>&1; then
echo "Policy already set."
touch /shared-data/policy-already-set
else
echo "Policy not found."
exit 0
fi
env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }}
- name: HOST
value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
- name: PORT
value: "{{ include "chronicle.sawtooth.sawcomp" . }}"
- name: RUST_LOG
value: {{ .Values.logLevel }}
- name: RUST_BACKTRACE
value: {{ .Values.backtraceLevel }}
volumeMounts:
- name: shared-data
mountPath: /shared-data
- name: set-policy
{{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }}
command: [ "bash", "-ec"]
args:
- |
if [[ -f "/shared-data/policy-already-set" ]]; then
echo "Skipping setting policy."
exit 0
else
echo "Policy not found on chain. Setting policy."
opactl \
--sawtooth-address tcp://$HOST:$PORT \
set-policy \
--id {{ .Values.opa.policy.id }} \
-p {{ .Values.opa.policy.url }} \
--root-key /shared-data/root.pem
fi
env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }}
- name: HOST
value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
- name: PORT
value: "{{ include "chronicle.sawtooth.sawcomp" . }}"
- name: RUST_LOG
value: {{ .Values.logLevel }}
- name: RUST_BACKTRACE
value: {{ .Values.backtraceLevel }}
volumeMounts:
- name: shared-data
mountPath: /shared-data
{{ end }}
{{ end }}
containers:
- name: chronicle-init
image: busybox:1.36
command: [ "sh", "-c"]
args:
- |
echo "Chronicle bootstrap and OPA settings initialization complete."
volumes:
- name: shared-data
emptyDir: {}
- name: validator-secret
configMap:
name: validator-secret


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: chronicle-secrets
annotations:
"helm.sh/resource-policy": keep
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@ -1,20 +0,0 @@
{{- if .Values.devIdProvider.enabled }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "chronicle.id-provider.service" . }}
labels: {{ include "chronicle.labels" . | nindent 4 }}
component: test-id-provider
spec:
type: ClusterIP
clusterIP: None
sessionAffinity: ClientIP
ports:
- port: 8090
protocol: TCP
targetPort: 8090
name: {{ include "chronicle.id-provider.service" . }}
selector: {{ include "chronicle.labels.matchLabels" . | nindent 4 }}
component: test-id-provider
{{- end }}
