diff --git a/assets/bitnami/postgresql-12.6.7.tgz b/assets/bitnami/postgresql-12.6.7.tgz
new file mode 100644
index 000000000..93f6d9617
Binary files /dev/null and b/assets/bitnami/postgresql-12.6.7.tgz differ
diff --git a/assets/bitnami/wordpress-16.1.28.tgz b/assets/bitnami/wordpress-16.1.28.tgz
new file mode 100644
index 000000000..b6da07e0a
Binary files /dev/null and b/assets/bitnami/wordpress-16.1.28.tgz differ
diff --git a/assets/bitnami/zookeeper-11.4.8.tgz b/assets/bitnami/zookeeper-11.4.8.tgz
new file mode 100644
index 000000000..5763e7014
Binary files /dev/null and b/assets/bitnami/zookeeper-11.4.8.tgz differ
diff --git a/assets/btp/chronicle-0.1.15.tgz b/assets/btp/chronicle-0.1.15.tgz
new file mode 100644
index 000000000..a71558fcb
Binary files /dev/null and b/assets/btp/chronicle-0.1.15.tgz differ
diff --git a/assets/btp/chronicle-0.1.16.tgz b/assets/btp/chronicle-0.1.16.tgz
new file mode 100644
index 000000000..ab4989047
Binary files /dev/null and b/assets/btp/chronicle-0.1.16.tgz differ
diff --git a/assets/cockroach-labs/cockroachdb-11.0.5.tgz b/assets/cockroach-labs/cockroachdb-11.0.5.tgz
new file mode 100644
index 000000000..74af716d1
Binary files /dev/null and b/assets/cockroach-labs/cockroachdb-11.0.5.tgz differ
diff --git a/assets/instana/instana-agent-1.2.61.tgz b/assets/instana/instana-agent-1.2.61.tgz
new file mode 100644
index 000000000..40ed0c41a
Binary files /dev/null and b/assets/instana/instana-agent-1.2.61.tgz differ
diff --git a/assets/redpanda/redpanda-4.0.54.tgz b/assets/redpanda/redpanda-4.0.54.tgz
new file mode 100644
index 000000000..fa38d5cd8
Binary files /dev/null and b/assets/redpanda/redpanda-4.0.54.tgz differ
diff --git a/assets/speedscale/speedscale-operator-1.3.20.tgz b/assets/speedscale/speedscale-operator-1.3.20.tgz
new file mode 100644
index 000000000..2fb934e50
Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.3.20.tgz differ
diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 669091b6c..12ad84543 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -31,4 +31,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/post -version: 12.6.6 +version: 12.6.7 diff --git a/charts/bitnami/postgresql/templates/primary/statefulset.yaml b/charts/bitnami/postgresql/templates/primary/statefulset.yaml index 2b80997b4..b652df2f6 100644 --- a/charts/bitnami/postgresql/templates/primary/statefulset.yaml +++ b/charts/bitnami/postgresql/templates/primary/statefulset.yaml @@ -220,7 +220,7 @@ spec: {{- if or (eq $customUser "postgres") (empty $customUser) }} {{- if .Values.auth.enablePostgresUser }} {{- if .Values.auth.usePasswordFiles }} - - name: POSTGRES_POSTGRES_PASSWORD_FILE + - name: POSTGRES_PASSWORD_FILE value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (include "postgresql.adminPasswordKey" .) }} {{- else if .Values.auth.postgresPassword }} - name: POSTGRES_PASSWORD diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index b16e2f9dd..e93566f81 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.5.4 + version: 6.5.5 - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts version: 12.2.8 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.6.0 -digest: sha256:5f10c5598a3c4ece70bc5eb4b086c21d03aa3121c2b82ec05448ffe09d39edbc -generated: "2023-07-13T19:28:03.474402945Z" +digest: sha256:b8bde9825ee3f69bc8d64377b147818af065ca0f24d6229a568ac8813c961b49 +generated: "2023-07-19T03:32:43.61154673Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 688c6d49e..f0c96dab2 100644 
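Review bot: The `usePasswordFiles` entry in templates/primary/statefulset.yaml carries no comment saying why the admin password is passed as `POSTGRES_PASSWORD_FILE` here, and the two variable names are easy to confuse. Inside the `or (eq $customUser "postgres") (empty $customUser)` guard there is no separate custom user, so the admin password is the one the sibling branch passes as `POSTGRES_PASSWORD`; a line such as `{{- /* no custom user: admin password goes in POSTGRES_PASSWORD(_FILE), not POSTGRES_POSTGRES_PASSWORD(_FILE) */}}` above the entry would keep both branches aligned. The file branch is also emitted without the `.Values.auth.postgresPassword` check that the plain branch has, so the mounted secret presumably must always contain the `postgresql.adminPasswordKey` file; the volume mount is outside this hunk and is worth confirming.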
--- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 16.1.27 +version: 16.1.28 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index be1a92a69..2933c517a 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r30` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r63` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | 
@@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r2` | +| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r11` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | @@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r14` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r47` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | 
diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.lock b/charts/bitnami/wordpress/charts/memcached/Chart.lock index 587a595c7..902e10b00 100644 --- a/charts/bitnami/wordpress/charts/memcached/Chart.lock +++ b/charts/bitnami/wordpress/charts/memcached/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.4.0 -digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 -generated: "2023-05-21T18:31:06.275175617Z" + version: 2.6.0 +digest: sha256:6ce7c85dcb43ad1fc5ff600850f28820ddc2f1a7c8cb25c5ff542fe1f852165a +generated: "2023-07-15T10:20:24.410333+02:00" diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/Chart.yaml index 8c632ae0e..a14579ab7 100644 --- a/charts/bitnami/wordpress/charts/memcached/Chart.yaml +++ b/charts/bitnami/wordpress/charts/memcached/Chart.yaml @@ -23,4 +23,4 @@ maintainers: name: memcached sources: - https://github.com/bitnami/charts/tree/main/bitnami/memcached -version: 6.5.4 +version: 6.5.5 diff --git a/charts/bitnami/wordpress/charts/memcached/README.md b/charts/bitnami/wordpress/charts/memcached/README.md index 613916b28..d20391c8b 100644 --- a/charts/bitnami/wordpress/charts/memcached/README.md +++ b/charts/bitnami/wordpress/charts/memcached/README.md 
@@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Memcached image registry | `docker.io` | | `image.repository` | Memcached image repository | `bitnami/memcached` | -| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.21-debian-11-r4` | +| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.21-debian-11-r9` | | `image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -206,8 +206,8 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r130` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r2` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | 
@@ -217,7 +217,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Memcached exporter image registry | `docker.io` | | `metrics.image.repository` | Memcached exporter image repository | `bitnami/memcached-exporter` | -| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r8` | +| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r13` | | `metrics.image.digest` | Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/charts/common/Chart.yaml index 4fc56bbb7..191699db1 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/Chart.yaml +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.4.0 +appVersion: 2.6.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.4.0 +version: 2.6.0 diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/README.md b/charts/bitnami/wordpress/charts/memcached/charts/common/README.md index 72fca33da..b48bb7a25 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/README.md +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/README.md 
@@ -2,8 +2,6 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. -Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```yaml @@ -32,6 +30,8 @@ This chart provides a common template helpers which can be used to develop new c Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2023 Bitnami +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_affinities.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_affinities.tpl index 81902a681..0e571028f 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_affinities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_capabilities.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_capabilities.tpl index 697486a31..c6d115fe5 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_capabilities.tpl 
@@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_errors.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_errors.tpl index a79cc2e32..07ded6f64 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_errors.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_errors.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Through error when upgrading using empty passwords values that must not be empty. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_images.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_images.tpl index d60c22e25..2181f3224 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_images.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_images.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_ingress.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_ingress.tpl index 831da9caa..efa5b85c7 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_ingress.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_ingress.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_labels.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_labels.tpl index 252066c7e..a1d7a95bc 100644 
--- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_labels.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_labels.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Kubernetes standard labels diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_names.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_names.tpl index 617a23489..a222924f1 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_names.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_names.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_secrets.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_secrets.tpl index a1708b2e8..a193c46b6 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_secrets.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_secrets.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Generate secret name. 
@@ -72,7 +77,7 @@ Params: - strong - Boolean - Optional - Whether to add symbols to the generated random password. - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - context - Context - Required - Parent context. - + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. The order in which this function returns a secret password: 1. Already existing 'Secret' resource (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) @@ -86,6 +91,7 @@ The order in which this function returns a secret password: {{- $password := "" }} {{- $subchart := "" }} +{{- $failOnNew := default true .failOnNew }} {{- $chartName := default "" .chartName }} {{- $passwordLength := default 10 .length }} {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} @@ -94,7 +100,7 @@ The order in which this function returns a secret password: {{- if $secretData }} {{- if hasKey $secretData .key }} {{- $password = index $secretData .key | quote }} - {{- else }} + {{- else if $failOnNew }} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} {{- end -}} {{- else if $providedPasswordValue }} 
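Review bot: `{{- $failOnNew := default true .failOnNew }}` in templates/_secrets.tpl can never yield false, because Sprig's `default` treats a boolean `false` as empty and substitutes the default. A caller passing `"failOnNew" false` therefore still reaches the `PASSWORDS ERROR` `fail` in the `else if $failOnNew` branch of the third hunk here. Test for the key's presence instead, for example `{{- $failOnNew := ternary .failOnNew true (hasKey . "failOnNew") }}`. What `$password` ends up as when the key is missing and the failure is skipped depends on code outside these hunks and should be checked before relying on the option.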
@@ -137,15 +143,16 @@ Params: */}} {{- define "common.secrets.lookup" -}} {{- $value := "" -}} -{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} {{- if and $secretData (hasKey $secretData .key) -}} {{- $value = index $secretData .key -}} -{{- else -}} - {{- $value = $defaultValue | toString | b64enc -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} {{- end -}} +{{- if $value -}} {{- printf "%s" $value -}} {{- end -}} +{{- end -}} {{/* Returns whether a previous generated secret already exists diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_storage.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_storage.tpl index 60e2a844f..16405a0f8 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_storage.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_storage.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper Storage Class diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_tplvalues.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_tplvalues.tpl index 2db166851..dc15f7fdc 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_tplvalues.tpl 
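Review bot: `common.secrets.lookup` in templates/_secrets.tpl now renders an empty string when the Secret has no such key and `.defaultValue` is empty, where the removed `required` line stopped the render. A caller that places the result directly into a Secret's `data` would then write an empty value without any error, so call sites (outside this hunk) should guard on the result or keep passing a non-empty default. `{{- else if .defaultValue -}}` also treats `0`, `false` and `""` as no default at all. The Params comment above the define, which starts outside the hunk, should say that `defaultValue` is optional and that the helper may render nothing.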
@@ -1,13 +1,27 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* -Renders a value that contains template. +Renders a value that contains template perhaps with scope if the scope is present. Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{- if .scope }} + {{- if typeIs "string" .value }} + {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- end }} +{{- else }} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} {{- end -}} diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_utils.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_utils.tpl index b1ead50cf..c87040cd9 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_utils.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_utils.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Print instructions to get a secret value. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_warnings.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_warnings.tpl index ae10fa41e..66dffc1fe 100644 
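Review bot: The `typeIs "string"` split in `common.tplvalues.render` is now written out twice, once per scope branch, so the two copies can drift apart; resolving the template text once into a variable and branching only on `.scope` keeps a single copy. The scoped branch also wraps the value in trim markers and joins the pieces with `cat`, so leading and trailing whitespace of the value is stripped there but kept in the unscoped branch, which the header comment should mention. Both branches still pass the value through `tpl` with the caller's context, so the values rendered here need to stay operator-controlled.

```gotemplate
{{- define "common.tplvalues.render" -}}
{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
{{- if .scope }}
  {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
{{- else }}
  {{- tpl $value .context }}
{{- end -}}
{{- end -}}
```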
--- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_warnings.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/_warnings.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Warning about using rolling tag. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_cassandra.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_cassandra.tpl index ded1ae3bc..eda9aada5 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_cassandra.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_cassandra.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate Cassandra required passwords are not empty. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mariadb.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mariadb.tpl index b6906ff77..17d83a2fd 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mariadb.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mariadb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MariaDB required passwords are not empty. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mongodb.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mongodb.tpl index f820ec107..bbb445b86 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mongodb.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mongodb.tpl 
@@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MongoDB® required passwords are not empty. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mysql.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mysql.tpl index 74472a061..ca3953f86 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mysql.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_mysql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MySQL required passwords are not empty. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_postgresql.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_postgresql.tpl index 164ec0d01..8c9aa570e 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_postgresql.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_postgresql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate PostgreSQL required passwords are not empty. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_redis.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_redis.tpl index dcccfc1ae..fc0d208dd 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_redis.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_redis.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* 
diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_validations.tpl b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_validations.tpl index 9a814cf40..31ceda871 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_validations.tpl +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/templates/validations/_validations.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate values must not be empty. diff --git a/charts/bitnami/wordpress/charts/memcached/charts/common/values.yaml b/charts/bitnami/wordpress/charts/memcached/charts/common/values.yaml index f2df68e5e..9abe0e154 100644 --- a/charts/bitnami/wordpress/charts/memcached/charts/common/values.yaml +++ b/charts/bitnami/wordpress/charts/memcached/charts/common/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## bitnami/common ## It is required by CI/CD tools and processes. ## @skip exampleValue diff --git a/charts/bitnami/wordpress/charts/memcached/values.yaml b/charts/bitnami/wordpress/charts/memcached/values.yaml index b90a2f48f..aefe02106 100644 --- a/charts/bitnami/wordpress/charts/memcached/values.yaml +++ b/charts/bitnami/wordpress/charts/memcached/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.21-debian-11-r4 + tag: 1.6.21-debian-11-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -514,8 +514,8 @@ volumePermissions: ## image: registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r130 + repository: bitnami/os-shell + tag: 11-debian-11-r2 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. 
@@ -560,7 +560,7 @@ metrics: image: registry: docker.io repository: bitnami/memcached-exporter - tag: 0.13.0-debian-11-r8 + tag: 0.13.0-debian-11-r13 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index a4cb1d8c3..eab908612 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.2.2-debian-11-r30 + tag: 6.2.2-debian-11-r63 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -766,7 +766,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r2 + tag: 11-debian-11-r11 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -860,7 +860,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.13.4-debian-11-r14 + tag: 0.13.4-debian-11-r47 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index 743d2c623..3c2bd3f0e 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.8.1 +appVersion: 3.8.2 dependencies: - name: common repository: file://./charts/common @@ -25,4 +25,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 11.4.7 +version: 11.4.8 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index 51c55b1a6..41286837c 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md 
@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r147` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.2-debian-11-r0` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index d3f5ec1ba..e3e14bdbc 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -79,7 +79,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.1-debian-11-r147 + tag: 3.8.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/btp/chronicle/.helmignore b/charts/btp/chronicle/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/btp/chronicle/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/charts/btp/chronicle/Chart.lock b/charts/btp/chronicle/Chart.lock
new file mode 100644
index 000000000..e5903bf68
--- /dev/null
+++ b/charts/btp/chronicle/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: standard-defs
+ repository: https://btp-charts-stable.s3.amazonaws.com/charts/
+ version: 0.1.3
+- name: sawtooth
+ repository: https://btp-charts-unstable.s3.amazonaws.com/charts/
+ version: 0.2.12
+digest: sha256:780720dfac6408ac363acd252c6232b5a405368dda73dcbe3d2e208bbe0d75e8
+generated: "2023-06-01T16:05:51.598742033-04:00"
diff --git a/charts/btp/chronicle/Chart.yaml b/charts/btp/chronicle/Chart.yaml
new file mode 100644
index 000000000..febf75d50
--- /dev/null
+++ b/charts/btp/chronicle/Chart.yaml
@@ -0,0 +1,25 @@
+annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Chronicle
+ catalog.cattle.io/release-name: chronicle
+apiVersion: v2
+appVersion: 0.7.3
+dependencies:
+- name: standard-defs
+ repository: file://./charts/standard-defs
+ version: ~0.1.0
+- name: sawtooth
+ repository: file://./charts/sawtooth
+ version: ~0.2.0
+description: 'Chronicle is an open-source, blockchain-backed, domain-agnostic provenance
+ product. Chronicle makes it easy for users to record and query immutable provenance
+ information on a distributed ledger - about any asset, in any domain, and across
+ multiple parties. '
+home: https://docs.btp.works/chronicle
+icon: https://chronicle-resources.s3.amazonaws.com/icons/chronicle-transparent-bg-dark.png
+keywords:
+- provenance
+- blockchain
+name: chronicle
+type: application
+version: 0.1.15
diff --git a/charts/btp/chronicle/README.md b/charts/btp/chronicle/README.md
new file mode 100644
index 000000000..e619c7cbf
--- /dev/null
+++ b/charts/btp/chronicle/README.md
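Review bot: The `sawtooth` dependency in the new `charts/btp/chronicle/Chart.yaml` is declared as `repository: file://./charts/sawtooth` with the range `version: ~0.2.0`, while the `Chart.lock` added beside it records 0.2.12 resolved from `https://btp-charts-unstable.s3.amazonaws.com/charts/`, so the lock does not describe the declarations it sits next to. If the lock digest was computed against the remote repositories, as the differing URLs suggest, `helm dependency build` would probably report the lock as out of sync, and the only provenance record for the vendored subchart points at a bucket named unstable. I would pin the vendored copy exactly, `version: 0.2.12` for `sawtooth`, and regenerate `Chart.lock` from this `Chart.yaml` so the digest covers what is actually shipped.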
@@ -0,0 +1,84 @@ +# Chronicle + +| field | description | default | +|-|-|-| +| `affinity`| custom affinity rules for the chronicle pod | {} | +| `auth.required` | if true require authentication | false | +| `backtraceLevel` | backtrace level for Chronicle | nil | +| `devIdProvider.image` | the image to use for the id-provider container | blockchaintp/id-provider | +| `devIdProvider.image.pullPolicy` | the image pull policy | IfNotPresent | +| `devIdProvider.image.repository` | the image repository | blockchaintp/id-provider | +| `devIdProvider.image.tag` | the image tag | latest | +| `extraVolumes` | a list of additional volumes to add to chronicle | [] | +| `extraVolumeMounts` | a list of additional volume mounts to add to chronicle | [] | +| `image.repository` | the repository of the image | blockchaintp/chronicle | +| `image.tag`| the tag of the image to use | latest | +| `image.pullPolicy` | the image pull policy to use | IfNotPresent | +| `imagePullSecrets.enabled`| if true use the list of named imagePullSecrets | false | +| `imagePullSecrets.value`| a list if named secret references of the form `- name: secretName`| [] | +| `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" | +| `ingress.enabled` | true to enable the ingress to the main service rest-api | false | +| `ingress.certManager` | true to enable the acme certmanager for this ingress | false | +| `ingress.hostname` | primary hostname for the ingress | false | +| `ingress.path` | path for the ingress's primary hostname | / | +| `ingress.pathType` | pathType for the ingress's primary hostname | nil | +| `ingress.annotations` | annotations for the ingress | {} | +| `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | false | +| `ingress.extraHosts` | list of extra hosts to add to the ingress | [] | +| `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] | +| `ingress.extraTls` | list of extra tls 
entries | [] | +| `ingress.hosts`| list of ingress host and path declarations for the chronicle ingress| [] | +| `logLevel` | log level for Chronicle | info | +| `opa.enabled` | if true set up a full OPA enabled setup | true | +| `opa.init.image` | the image to use for the chronicle-init container | blockchaintp/chronicle-opa-init | +| `image.pullPolicy` | the image pull policy to use | IfNotPresent | +| `image.repository` | the repository of the image | blockchaintp/chronicle | +| `image.tag`| the tag of the image to use | latest | +| `image.repository` | the repository of the image | blockchaintp/chronicle | +| `image.tag`| the tag of the image to use | latest | +| `image.pullPolicy` | the image pull policy to use | IfNotPresent | +| `opa.tp.resources` | resources | map | nil | +| `opa.tp.extraVolumes` | extra volumes declarations for the opa-tp deployment | list | nil +| `opa.tp.extraVolumeMounts` | extra volume mounts for opa-tp deployment | list | nil +| `port` | the port on which the chronicle service listens | 9982 | +| `replicas` | number of Chronicle replicas to run | 1 | +| `serviceAccount.create` | true to create a service account | false | +| `serviceAccount.name` | name of the service account | nil (defaults to based on release name) | +| `test.enabled` | true to enable test Jobs and Services | true | +| `api-test-container.image` | the image to use for the api-test container | blockchaintp/chronicle-api-test | +| `test.api.image.pullPolicy` | the image pull policy | IfNotPresent | +| `test.api.image.repository` | the image repository | blockchaintp/chronicle-helm-api-test | +| `test.api.image.tag` | the image tag | latest | +| `postgres.enabled` | if true create an internal postgres instance | boolean | true | +| `postgres.env` | postgres environment variables | map | N/A | +| `postgres.image.repository` | postgres image repository | string | "postgres" | +| `postgres.image.tag` | postgres image tag | string | "11" | +| `postgres.user` | user for the 
postgres database | string | "postgres" | +| `postgres.host` | host for the postgres database | string | "localhost" | +| `postgres.database` | database for the postgres database | string | "postgres" | +| `postgres.port` | port for the postgres database | int | 5432 | +| `postgres.password` | password for the postgres database | string | "postgres" | +| `postgres.existingPasswordSecret` | name of a secret containing the postgres password | string | nil | +| `postgres.existingPasswordSecret` | name of the key in a secret containing the postgres password | string | nil | +| `postgres.tls` | postgres TLS configuration | string | nil | +| `postgres.persistence` | postgres persistence settings | map | N/A | +| `postgres.persistence.enabled` | if true allocate a PVC for the postgres instance | boolean | false | +| `postgres.persistence.annotations` | any custom annotations to the postgres PVC's | map | {} | +| `postgres.persistence.accessModes` | postgres PVC access modes | list | [ "ReadWriteOnce" ] | +| `postgres.persistence.storageClass` | postgres PVC storageClass | string | nil | +| `postgres.persistence.size` | postgres PVC volume size | string | "40Gi" | +| `postgres.resources` | resources | map | nil | +| `resources` | resources | map | nil | +| `sawset.image.pullPolicy` | the image pull policy | IfNotPresent | +| `sawset.image.repository` | the image repository | blockchaintp/sawtooth-validator | +| `sawset.image.tag` | the image tag | latest | +| `tp.args` | a string of arguments to pass to the tp container| nil | +| `tp.image.pullPolicy` | the image pull policy | IfNotPresent | +| `tp.image.repository` | the image repository | blockchaintp/chronicle-tp | +| `tp.image.tag` | the image tag | latest | +| `tp.extraVolumes` | extra volumes declarations for the chronicle-tp deployment | list | nil +| `tp.extraVolumeMounts` | extra volume mounts for chronicle-tp deployment | list | nil +| `tp.resources` | resources | map | nil | +| `tp.maxUnavailable` | maximum 
unavailable nodes during a rolling upgrade | +| `tp.minReadySeconds` | minimum time before node becomes available | +| `sawtooth` | sawtooth options may be configured | see [Sawtooth](../sawtooth/README.md) | diff --git a/charts/btp/chronicle/app-readme.md b/charts/btp/chronicle/app-readme.md new file mode 100644 index 000000000..eb862a2fa --- /dev/null +++ b/charts/btp/chronicle/app-readme.md @@ -0,0 +1,12 @@ +Chronicle records provenance information of any physical or digital asset on a distributed ledger. + +- Chronicle is available with Hyperledger Sawtooth as its default backing ledger. +- Chronicle is built on the established W3C PROV Ontology standard; it uses the lightweight JSON-LD linked data format, and the data query language GraphQL. +- Chronicle is easily adaptable to enable users to model, capture, and query provenance information pertinent to their industry, application and use case. + +You can find example domains and further instructions at https://examples.btp.works + +## *Important* + +*As Chronicle uses Sawtooth as its backing ledger, a minimum of 4 nodes is required for deployment.* +*This helm chart will deploy and configure a 4 node Sawtooth network on your target cluster, so less than 4 nodes will result in the deployment failing.* diff --git a/charts/btp/chronicle/charts/sawtooth/.helmignore b/charts/btp/chronicle/charts/sawtooth/.helmignore new file mode 100644 index 000000000..98229532e --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +tests/ 
diff --git a/charts/btp/chronicle/charts/sawtooth/Chart.lock b/charts/btp/chronicle/charts/sawtooth/Chart.lock
new file mode 100644
index 000000000..9e49e2c92
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: standard-defs
+ repository: https://btp-charts-stable.s3.amazonaws.com/charts/
+ version: 0.1.2
+digest: sha256:b072a3f7726bb97088f486103c12d3c8c01d81b31e72bd972b93fbd61f4adb85
+generated: "2021-10-09T05:31:04.138943048Z"
diff --git a/charts/btp/chronicle/charts/sawtooth/Chart.yaml b/charts/btp/chronicle/charts/sawtooth/Chart.yaml
new file mode 100644
index 000000000..11b905803
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: 1.2.5p4
+dependencies:
+- name: standard-defs
+ repository: https://btp-charts-stable.s3.amazonaws.com/charts/
+ version: ~0.1.0
+description: BTP's Sawtooth distribution based on Hyperledger Sawtooth 1.2
+name: sawtooth
+type: application
+version: 0.2.12
diff --git a/charts/btp/chronicle/charts/sawtooth/README.md b/charts/btp/chronicle/charts/sawtooth/README.md
new file mode 100644
index 000000000..124e1ea70
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/README.md
@@ -0,0 +1,96 @@ +# Sawtoooth + +| field | description | default | +|-|-|-| +| `affinity.enabled` | false: no effect true: then validators will be deployed only to k8s nodes with the label `app={{ .sawtooth.networkName }}-validator` | false | +| `commonLabels` | +| `imagePullSecrets.enabled` | if true use the list of named imagePullSecrets | false | +| `imagePullSecrets.value` | a list if named secret references of the form ```- name: secretName```| [] | +| `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" | +| `ingress.enabled` | true to enable the ingress to the main service rest-api | false | +| `ingress.certManager` | true to enable the acme certmanager for this ingress | false | +| `ingress.hostname` | primary hostname for the ingress | false | +| `ingress.path` | path for the ingress's primary hostname | / | +| `ingress.pathType` | pathType for the ingress's primary hostname | nil | +| `ingress.annotations` | annotations for the ingress | {} | +| `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | false | +| `ingress.extraHosts` | list of extra hosts to add to the ingress | [] | +| `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] | +| `ingress.extraTls` | list of extra tls entries | [] | +| `pagerduty.enabled` | if true send pagerduty alerts | false | +| `pagerduty.token` | pagerduty user token | nil | +| `pagerduty.serviceid` | pagerduty serviceid | nil | +| `sawtooth.opentsdb.db` | name of the opentsdb database to be used | metrics | +| `sawtooth.opentsdb.url` | url of the opentsdb database to be used | nil | +| `sawtooth.opentsdb.enabled` | whether to enable the opentsdb metrics | false | +| `sawtooth.minReadySeconds` | the minimum time a pod must be Running before proceeding on a rolling update | 120 | +| `sawtooth.maxUnavailable` | maximum number of pods allowed down on a rollout or update | 1 | +| `sawtooth.containers.block_info.args` | extra 
args for block-info-tp | nil | +| `sawtooth.containers.identity_tp.args` | extra args for identity-tp | nil | +| `sawtooth.containers.rest_api.args` | extra args for rest-api | nil | +| `sawtooth.containers.settings_tp.args` | extra args for settings-tp | nil | +| `sawtooth.containers.validator.args` | extra args for validator | nil | +| `sawtooth.containers.validator.env` | list of environment name/value dicts | nil | +| `sawtooth.ports.sawnet` | port for the sawtooth validator network | 8800 | +| `sawtooth.ports.consensus` | port for the sawtooth consensus network | 5050 | +| `sawtooth.ports.sawcomp` | port for the sawtooth component network | 4004 | +| `sawtooth.ports.rest` | port for the sawtooth rest-api | 8008 | +| `sawtooth.livenessProbe.enabled` | whether to run the livenessProbe on the validator | false | +| `sawtooth.livenessProbe.initialDelaySeconds` | seconds to wait before running the liveness probe the first time | 300 | +| `sawtooth.livenessProbe.periodSeconds` | interval in seconds to re-run the liveness probe | 120 | +| `sawtooth.livenessProbe.active` | if false, the liveness probe will run and evaluate the the situation, but always return successfully | string | "false" +| `sawtooth.livenessProbe.exitSignals` | when restarting due to a livenessProbe failure, the validator pod has a "signal" system which will cause it to restart the named containers in this var | "block-info-tp" | +| `sawtooth.heartbeat.interval` | interval in seconds to issue a heartbeat | 300 | +| `sawtooth.permissioned` | Whether to run this chain as a permissioned chain or not | false | +| `sawtooth.namespace` | namespace to render these templates into (deprecated) | "prod" | +| `sawtooth.networkName` | name of this sawtooth network (deprecated) | "mynetwork" | +| `sawtooth.scheduler` | name of the sawtooth transaction scheduler to use | string | "serial" +| `sawtooth.consensus` | id of the the consensus algorithm to use< valid values: 100:DevMode, 200, PoET, 300 - Raft, 400, 
PBFT | int | 200 +| `sawtooth.genesis.enabled` | If true, and the cluster is starting for the first time, then a node will be selected to create and submit the genesis block | true | +| `sawtooth.genesis.seed` | The seed is an arbitrary string which identifies a given genesis If the data of a given set of nodes is to be wiped out, change this value. | "9a2de774-90b5-11e9-9df0-87e889b0f1c9" | +| `sawtooth.dynamicPeering` | Dynamic Peering should default to false, since it is a bit unreliable | false | +| `sawtooth.externalSeeds` | a list of maps defining validator endpoints external to this deployment | [] | +| `sawtooth.seth.enabled` | enabled sawtooth-seth | false | +| `sawtooth.xo.enabled` | enabled sawtooth-xo-tp | false | +| `sawtooth.smallbank.enabled` | enabled sawtooth-smallbank-tp | false | +| `sawtooth.hostPathBaseDir` | all sawtooth hostPath directories will be based here | string | /var/lib/btp +| `sawtooth.client_wait` | arbitrary delay to validator client startup, such as the rest-api | 90 | +| `sawtooth.customTPs` | a list of [custom tp definitions](#custom-tp-definitions) | nil | +| `sawtooth.affinity` | custom affinity rules for the sawtooth validator deamonset | nil | +| `images` | a map containing all of the image urls used by this template| N/A | + +## Images + +| field | default | +|- |- | +| `images.devmode_engine` | blockchaintp/sawtooth-devmode-engine-rust:BTP2.1.0 +| `images.pbft_engine` | blockchaintp/sawtooth-pbft-engine:BTP2.1.0 +| `images.poet_cli` | blockchaintp/sawtooth-poet-cli:BTP2.1.0 +| `images.poet_engine` | blockchaintp/sawtooth-poet-engine:BTP2.1.0 +| `images.poet_validator_registry_tp` | blockchaintp/sawtooth-poet-validator-registry-tp:BTP2.1.0 +| `images.raft_engine` | blockchaintp/sawtooth-raft-engine:BTP2.1.0 +| `images.block_info_tp` | blockchaintp/sawtooth-block-info-tp:BTP2.1.0 +| `images.identity_tp` | blockchaintp/sawtooth-identity-tp:BTP2.1.0 +| `images.intkey_tp` | blockchaintp/sawtooth-intkey-tp-go:BTP2.1.0 +| 
`images.settings_tp` | blockchaintp/sawtooth-settings-tp:BTP2.1.0 +| `images.shell` | blockchaintp/sawtooth-shell:BTP2.1.0 +| `images.smallbank_tp` | blockchaintp/sawtooth-smallbank-tp-go:BTP2.1.0 +| `images.validator` | blockchaintp/sawtooth-validator:BTP2.1.0 +| `images.xo_tp` | blockchaintp/sawtooth-xo-tp-go:BTP2.1.0 +| `images.rest_api` | blockchaintp/sawtooth-rest-api:BTP2.1.0 +| `images.seth_rpc` | blockchaintp/sawtooth-seth-rpc:BTP2.1.0 +| `images.seth_tp` | blockchaintp/sawtooth-seth-tp:BTP2.1.0 +| `images.xo_demo` | blockchaintp/xo-demo:BTP2.1.0 + +## Custom TP Definitions + +Custom TP definitions are describe using maps with the following fields + +| field | description | default | +|-|-|-| +| `name` | name of the custom tp container(must be unique within the pod) | nil | +| `image` | url of the image for this tp | nil | +| `command` | list of command tokens for this tp | list | nil +| `arg` | list of arguments to the command | nil] | +| `extraVolumes` | a list of additional volumes to add to all StatefulSets, Deployments, and DaemonSets | `[]` | +| `extraVolumeMounts` | a list of additional volume mounts to add to all StatefulSet, Deployment, and DaemonSet containers | `[]` | diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/Chart.lock b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/Chart.lock new file mode 100644 index 000000000..3c1618aee --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.8.0 +digest: sha256:4b6f60ea1981a1b98332e0149289002fe0f9ebf401de1ec19c8baaaf6b0d4b88 +generated: "2021-09-02T01:05:15.012803203Z" diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/Chart.yaml b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/Chart.yaml new file mode 100644 index 000000000..38a35afb0 --- /dev/null 
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: 0.1.0
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: ~1.8.0
+description: BTP Standard Template definitions and dependencies
+name: standard-defs
+type: library
+version: 0.1.2
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/README.md b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/README.md
new file mode 100644
index 000000000..e69de29bb
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/.helmignore b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/Chart.yaml b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/Chart.yaml
new file mode 100644
index 000000000..344c40384
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+apiVersion: v2
+appVersion: 1.8.0
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://github.com/bitnami/charts/tree/master/bitnami/common
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- email: containers@bitnami.com
+ name: Bitnami
+name: common
+sources:
+- https://github.com/bitnami/charts
+- http://www.bitnami.com/
+type: library
+version: 1.8.0
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/README.md b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/README.md
new file mode 100644
index 000000000..054e51f96
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/README.md
@@ -0,0 +1,327 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. 
+ +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. 
| `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for policy | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` 
Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. 
| + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. 
| `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. 
| +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. 
+ example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... 
+ +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. 
[Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_affinities.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_affinities.tpl new file mode 100644 index 000000000..189ea403d --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . 
-}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . 
-}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_capabilities.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_capabilities.tpl new file mode 100644 index 000000000..ae45d5e35 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_capabilities.tpl 
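Review bot: The usage comment on `common.affinities.pods` shows `(dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ"))`, but the helper forwards `.` to `common.affinities.pods.soft` and `common.affinities.pods.hard`, which read `.component`, `.extraMatchLabels` and `.context`. A caller who copies the example passes no `context`, while both helpers dereference `.context.Release.Namespace` and hand `.context` to `common.labels.matchLabels`. The example should read `{{ include "common.affinities.pods" (dict "type" "soft" "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}`.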
@@ -0,0 +1,117 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for policy. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) 
-}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} 
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_errors.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_errors.tpl
new file mode 100644
index 000000000..a79cc2e32
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_errors.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_images.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_images.tpl new file mode 100644 index 000000000..42ffbc722 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_images.tpl 
@@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . 
"context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_ingress.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_ingress.tpl new file mode 100644 index 000000000..f905f2005 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_ingress.tpl 
@@ -0,0 +1,55 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_labels.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_labels.tpl
new file mode 100644
index 000000000..252066c7e
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_labels.tpl
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Kubernetes standard labels
+*/}}
+{{- define "common.labels.standard" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.labels.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_names.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_names.tpl
new file mode 100644
index 000000000..adf2a74f4
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_names.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_secrets.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_secrets.tpl
new file mode 100644
index 000000000..60b84a701
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_secrets.tpl
@@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. 
+*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. 
+*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- if index $secret.data .key }} + {{- $password = index $secret.data .key }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 
'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_storage.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_storage.tpl new file mode 100644 index 000000000..60e2a844f --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_tplvalues.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_tplvalues.tpl new file mode 100644 index 000000000..2db166851 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_tplvalues.tpl 
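Review bot: The `strong` branch of `common.secrets.passwords.manage` yields less random material than the plain branch at the same `length`: `randAscii $passwordLength` is trimmed by `substr 5 $passwordLength`, every non-word character is collapsed to `@`, and the five-character `$subStr` contributes only three random characters next to two literal underscores. At the default of 10 (`default 10 .length`) that leaves five characters taken from the random string. I would raise the default, for example `{{- $passwordLength := default 16 .length }}`, and state in the Params comment that `strong` reserves five characters of the length for `$subStr`. The same comment should mention that when `lookup` returns nothing (as it does under `helm template`) the helper generates a new value instead of reusing the stored one.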
@@ -0,0 +1,13 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_utils.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_utils.tpl
new file mode 100644
index 000000000..ea083a249
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_utils.tpl
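Review bot: The header comment of `common.tplvalues.render` does not say that `.value` is handed to `tpl` together with the full `.context`, so every string a values file supplies through this helper is evaluated as a template with the caller's complete scope. The ingress template added in this same commit routes `annotations`, `commonLabels`, `commonAnnotations` and `extraTls` through it, which means those values have to be treated as code rather than data when a values file comes from someone other than the chart operator. I would add a line to the comment such as `NOTE: .value is evaluated as a template with the full context; only pass values from trusted sources.` This file looks like a vendored copy of the common library, so the wording would have to be changed upstream.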
@@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . 
"context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_warnings.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_warnings.tpl new file mode 100644 index 000000000..ae10fa41e --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_cassandra.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 000000000..8679ddffb --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_cassandra.tpl 
@@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. 
+ +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_mariadb.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 000000000..bb5ed7253 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_mariadb.tpl 
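Review bot: The guard `{{- if and (not $existingSecret) (eq $enabled "true") -}}` in `common.validations.values.cassandra.passwords` does not fire when `existingSecret` is set to an empty string, because `common.cassandra.values.existingSecret` returns the value through `quote` and an empty string comes back as the two-character text `""`, which `not` treats as non-empty. The empty-password validation is then skipped in the very configuration where no existing secret is in use. The MariaDB, MongoDB and PostgreSQL hunks that follow build `$existingSecret` the same way and share the problem. A guard such as `{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}` covers both the unset and the empty case; these files appear to be a vendored copy of the common library, so the fix belongs upstream.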
@@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append 
$requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} 
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_mongodb.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 000000000..1e5bba981
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" 
$valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. 
Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_postgresql.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 000000000..992bcd390 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_postgresql.tpl 
@@ -0,0 +1,131 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. 
Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. 
Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_redis.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_redis.tpl new file mode 100644 index 000000000..18d9813c5 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_redis.tpl 
@@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis™ required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (not $existingSecretValue) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary 
function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_validations.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_validations.tpl new file mode 100644 index 000000000..9a814cf40 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/templates/validations/_validations.tpl 
@@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." 
.subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/values.yaml b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/values.yaml new file mode 100644 index 000000000..f2df68e5e --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_ingress.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_ingress.tpl new file mode 100644 index 000000000..e1b16d928 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_ingress.tpl 
@@ -0,0 +1,101 @@ +{{/* +include "ingress" (dict "ingressName" "myingress" "ingress" path.to.ingress "serviceName" "the-service" "servicePort" 9090 "context" $) + +ingress: + enabled: true + certManager: false + pathType: ImplementationSpecific + apiVersion: "" + hostname: theservice.local + path: / + annotations: {} + tls: false + extraHosts: [] + extraPaths: [] + extraTls: [] + secrets: [] +*/}} +{{- define "lib.ingress" -}} +{{- $ctx := .context -}} +{{- $ingressName := .ingressName -}} +{{- $serviceName := .serviceName -}} +{{- $servicePort := .servicePort -}} +{{- $extraPaths := .ingress.extraPaths -}} +{{- if .ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" $ctx }} +kind: Ingress +metadata: + name: {{ $ingressName }} + namespace: {{ $ctx.Release.Namespace | quote }} + labels: {{- include "common.labels.standard" $ctx | nindent 4 }} + {{- if $ctx.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonLabels "context" $ctx ) | nindent 4 }} + {{- end }} + annotations: + {{- if .ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- if .ingress.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .ingress.annotations "context" $ctx ) | nindent 4 }} + {{- end }} + {{- if $ctx.Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonAnnotations "context" $ctx ) | nindent 4 }} + {{- end }} +spec: + rules: + {{- if .ingress.hostname }} + - host: {{ .ingress.hostname }} + http: + paths: + - path: {{ .ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }} + pathType: {{ default "ImplementationSpecific" .ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }} + {{- include "lib.safeToYaml" $extraPaths | nindent 10 }} + {{- end }} + {{- range .ingress.extraHosts }} + - 
host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }} + {{- include "lib.safeToYaml" $extraPaths | nindent 10 }} + {{- end }} + {{/* .ingress.hosts is deprecated */}} + {{- range .ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- if .path }} + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }} + {{- end }} + {{- range .paths }} + - path: {{ . | quote }} + {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }} + pathType: ImplementationSpecific + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }} + {{- end }} + {{- end }} + {{/* .ingress.hosts is deprecated */}} + {{- if or .ingress.tls .ingress.extraTls }} + tls: + {{- if .ingress.tls }} + - hosts: + - {{ .ingress.hostname }} + secretName: {{ printf "%s-tls" .ingress.hostname }} + {{- end }} + {{- if .ingress.extraTls }} + {{- include "common.tplvalues.render" ( dict "value" .ingress.extraTls "context" $ctx ) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib.tpl new file mode 100644 index 000000000..deaa325c4 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib.tpl 
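Review bot: In `lib.ingress` the primary rule emits `- host: {{ .ingress.hostname }}` and `- path: {{ .ingress.path }}` unquoted, while the `extraHosts` and deprecated `hosts` branches pipe the host through `quote`. A wildcard hostname such as `*.example.com` would be parsed as a YAML alias and fail to render, and the same unquoted value is reused under `tls.hosts` and in `secretName: {{ printf "%s-tls" .ingress.hostname }}`, where a wildcard would also give an invalid Secret name. I would write `- host: {{ .ingress.hostname | quote }}` and `- {{ .ingress.hostname | quote }}`, and take the TLS secret name from a value instead of deriving it from the hostname. The usage comment at the top calls `include "ingress"`, but the template is defined as `lib.ingress`.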
@@ -0,0 +1,51 @@
+
+{{/*
+Call a template function in the context of a sub-chart, as opposed to the
+current context of the caller
+{{ include "lib.call-nested" (list . "subchart" "template_name") }}
+*/}}
+{{- define "lib.call-nested" }}
+{{- $dot := index . 0 }}
+{{- $subchart := index . 1 | splitList "." }}
+{{- $template := index . 2 }}
+{{- $values := $dot.Values }}
+{{- range $subchart }}
+{{- $values = index $values . }}
+{{- end }}
+{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "lib.labels" -}}
+helm.sh/chart: {{ include "common.names.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{ include "common.labels.matchLabels" . }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "lib.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Given a variable, if it is not false, output as Yaml
+
+include "lib.safeToYaml" .Values.something
+*/}}
+{{- define "lib.safeToYaml" -}}
+{{- if . -}}
+{{ toYaml . }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib_image.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib_image.tpl
new file mode 100644
index 000000000..77ed723b4
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib_image.tpl
@@ -0,0 +1,46 @@
+{{/*
+Given a setup like the following:
+
+# global and on down are optional
+global:
+ image:
+ registry: my-registry.com
+ tag: latest
+
+# This is the imageRoot
+somecomponent:
+ image:
+ registry: my-other-registry.com
+ tag: 1.0.0
+ repository: bobs/coolthing
+
+*/}}
+{{/*
+{{ include "utils.image.url" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
+*/}}
+{{- define "lib.image.url" -}}
+{{- $globalRegistryName := "index.docker.io" -}}
+{{- $globalTag := "latest" -}}
+{{- if .global -}}
+ {{- if .global.image -}}
+ {{- if .global.image.registry -}}
+ {{- $globalRegistryName = .global.image.registry -}}
+ {{- end -}}
+ {{- if .global.image.tag -}}
+ {{- $globalTag = .global.image.tag -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- $repository := .imageRoot.repository -}}
+{{- $registry := default $globalRegistryName .imageRoot.registry -}}
+{{- $tag := default $globalTag .imageRoot.tag -}}
+{{- printf "%s/%s:%s" $registry $repository $tag -}}
+{{- end -}}
+
+{{/*
+{{ include "utils.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
+*/}}
+{{- define "lib.image" -}}
+image: {{ include "lib.image.url" . }}
+imagePullPolicy: {{ default "IfNotPresent" .imageRoot.pullPolicy }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib_volumes.tpl b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib_volumes.tpl
new file mode 100644
index 000000000..93f1139b1
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/templates/_lib_volumes.tpl
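Review bot: `lib.image.url` falls back to the tag `latest` (`$globalTag := "latest"`) and `lib.image` defaults `imagePullPolicy` to `IfNotPresent`, so a release that sets no tag runs whatever `latest` image each node already has cached. The deployed version is then unpinned and can differ between nodes, which weakens both reproducibility and supply-chain review of what is actually running. I would drop the `latest` default and fail the render when no tag is supplied, e.g. `{{- $globalTag := "" -}}` together with `{{- $tag := required "image tag must be set" (default $globalTag .imageRoot.tag) -}}`. The usage comments name `utils.image.url` and `utils.image`, but the templates are defined as `lib.image.url` and `lib.image`.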
@@ -0,0 +1,34 @@
+
+
+{{/*
+given a variable list, create a list of volumes
+
+extraVolumes:
+ - name: pv-data
+ persistentVolumeClaim:
+ claimName: pvc-persistent-cfg
+ - name: scratch
+ emptyDir: {}
+
+include "lib.volumes" .Values.extraVolumes
+
+*/}}
+{{- define "lib.volumes" -}}
+{{ include "lib.safeToYaml" . }}
+{{- end -}}
+
+{{/*
+given a variable list, create a list of volumeMounts
+
+extraVolumeMounts:
+ - name: pv-data
+ mountPath: /data
+ - name: scratch
+ mountPath: /scratch
+
+include "lib.volumeMounts" .Values.extraVolumeMounts
+
+*/}}
+{{- define "lib.volumeMounts" -}}
+{{ include "lib.safeToYaml" . }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/values.yaml b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/values.yaml
new file mode 100644
index 000000000..1ff659769
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/charts/standard-defs/values.yaml
@@ -0,0 +1 @@
+exampleValue: example
diff --git a/charts/btp/chronicle/charts/sawtooth/sextant/details.yaml b/charts/btp/chronicle/charts/sawtooth/sextant/details.yaml
new file mode 100644
index 000000000..83bb5c290
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/sextant/details.yaml
@@ -0,0 +1,27 @@
+apiVersion: v2
+name: sawtooth
+description: Uses BTP Paralos open source distribution of Hyperledger Sawtooth
+
+# Replaces the index.js in the deployment templates directory, sawtooth/index
+# The deploymentType and deploymentVersion help build the object structure
+deploymentType: sawtooth
+deploymentVersion: 1.1
+
+# absolute path to form.js
+form: sawtooth/sextant/form.js
+
+# absolute path to summary.jst
+summary: sawtooth/sextant/summary.js
+
+# paths to be used in the getField function
+namePath: sawtooth.networkName
+namespacePath: sawtooth.namespace
+
+# additional fields for the button
+# form:
+title: Hyperledger Sawtooth
+sextantVersion: sawtooth 1.2, paralos 2.1
+buttonIcon: /thirdParty/hyperledger-sawtooth.png
+features: []
+
+# documentation pull down mark down
diff --git a/charts/btp/chronicle/charts/sawtooth/sextant/form.js b/charts/btp/chronicle/charts/sawtooth/sextant/form.js
new file mode 100644
index 000000000..293e50f6a
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/sextant/form.js
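Review bot: `deploymentVersion: 1.1` is an unquoted scalar, so a YAML loader reads it as a float rather than the string "1.1", and a later `1.10` would silently become `1.1`. If the consumer treats this as a version label (not visible in this diff), quote it: `deploymentVersion: "1.1"`. The comment `# absolute path to summary.jst` also does not match the value `sawtooth/sextant/summary.js`, which is a relative path to a `.js` file.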
@@ -0,0 +1,330 @@
+const randomString = require('randomstring')
+const options = require('./options')
+
+const form = [
+
+ 'Hyperledger Sawtooth Deployment',
+
+ [
+ {
+ id: 'sawtooth.networkName',
+ title: 'Deployment Name',
+ helperText: 'The name of the deployment',
+ component: 'text',
+ editable: {
+ new: true,
+ },
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ['matches', ['^[a-z]([-a-z0-9]*[a-z0-9])*$'], "a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character"],
+ ],
+ },
+ },
+ {
+ id: 'sawtooth.namespace',
+ title: 'Kubernetes Namespace',
+ helperText: 'The Kubernetes namespace',
+ component: 'text',
+ editable: {
+ new: true,
+ },
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ['matches', ['^[a-z]([-a-z0-9]*[a-z0-9])*$'], "a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character"],
+ ],
+ },
+ },
+
+ ],
+
+ [
+ {
+ id: 'sawtooth.dynamicPeering',
+ title: 'Peering Type',
+ helperText: 'Peering type for the validator',
+ component: 'radio',
+ default: true,
+ dataType: 'boolean',
+ row: true,
+ options: options.peering,
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ },
+ {
+ id: 'sawtooth.genesis.enabled',
+ title: 'Genesis Block',
+ helperText: 'Should this network create the genesis block?',
+ component: 'radio',
+ default: true,
+ dataType: 'boolean',
+ row: true,
+ options: options.activated,
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ },
+ ],
+ [
+ {
+ id: 'sawtooth.permissioned',
+ title: 'Permissioned Network',
+ helperText: 'Should this network be permissioned?',
+ component: 'radio',
+ default: false,
+ dataType: 'boolean',
+ row: true,
+ options: options.activated,
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ },
+ {
+ id: 'sawtooth.consensus',
+ title: 'Consensus Algorithm',
+ helperText: 'Which consensus algorithm should this network use?',
+ component: 'select',
+ alternateText: true,
+ default: 400,
+ dataType: 'number',
+ options: options.consensus,
+ validate: {
+ type: 'number',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ },
+ ],
+
+ {
+ id: 'affinity.enabled',
+ title: 'Affinity',
+ helperText: 'If enabled - pods will only deploy to nodes that have the label: app={{ .Release.Name }}-validator',
+ component: 'radio',
+ default: false,
+ dataType: 'boolean',
+ row: true,
+ options: options.activated,
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ },
+
+ // hostname, IP, port
+ {
+ id: 'sawtooth.externalSeeds',
+ title: 'External Seeds',
+ helperText: 'The list of external addresses to connect to',
+ list: {
+ mainField: 'hostname',
+ schema: [{
+ id: 'hostname',
+ title: 'Hostname',
+ helperText: 'Type the hostname of a new external seed.',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ['matches', ['^[a-z]([.]*[-a-z0-9]*[a-z0-9])*$'], 'Must use a DNS-1123 safe label.'],
+ ],
+ },
+ },
+ {
+ id: 'ip',
+ title: 'IP Address',
+ helperText: 'Type the IP address of a new external seed.',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ['matches', ['^[0-9]+[.0-9]*[0-9]$'], 'Must be an IPv4 compatible address.'],
+ ],
+ },
+ }, {
+ id: 'port',
+ title: 'Port',
+ helperText: 'Type the port of a new external seed.',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ['matches', ['^[0-9]+$'], 'Must be a number.'],
+ ],
+ },
+ },
+ ],
+ table: [{
+ title: 'Hostname',
+ name: 'hostname',
+ }, {
+ title: 'IP Address',
+ name: 'ip',
+ }, {
+ title: 'Port',
+ name: 'port',
+ }],
+ },
+ },
+
+ 'Custom Containers',
+
+ {
+ id: 'sawtooth.customTPs',
+ title: 'Custom Containers',
+ skip: true,
+ helperText: 'Custom containers can connect to the validator on tcp://localhost:4004',
+ list: {
+ mainField: 'name',
+ schema: [{
+ id: 'name',
+ title: 'Name',
+ helperText: 'The name of your custom container',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ }, {
+ id: 'image',
+ title: 'Image',
+ helperText: 'The docker image for your container',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ }, {
+ id: 'command',
+ title: 'Command',
+ helperText: 'The command for your container',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+
+ ],
+ },
+ }, {
+ id: 'args',
+ title: 'Arguments',
+ helperText: 'The arguments for your container',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+
+ ],
+ },
+ }],
+ table: [{
+ title: 'Name',
+ name: 'name',
+ }, {
+ title: 'Image',
+ name: 'image',
+ }, {
+ title: 'Command',
+ name: 'command',
+ }, {
+ title: 'Arguments',
+ name: 'args',
+ }],
+ },
+ },
+
+ 'Image Pull Secrets',
+
+ {
+ id: 'imagePullSecrets.enabled',
+ title: 'Do you need to enable image pull secrets?',
+ helperText: 'Provide secrets to be injected into the namespace and used to pull images from your secure registry',
+ component: 'radio',
+ default: false,
+ dataType: 'boolean',
+ row: true,
+ options: options.yesNo,
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ }, {
+ id: 'imagePullSecrets.value',
+ title: 'Image Pull Secrets',
+ helperText: null,
+ default: null,
+ linked: {
+ linkedId: 'imagePullSecrets.enabled',
+ visibilityParameter: 'true', // for what value of linkedId, will this component be visible
+ },
+ list: {
+ mainField: 'name',
+ schema: [{
+ id: 'name',
+ title: 'Name',
+ helperText: 'The name of the secret',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ['matches', ['^[a-z]([-a-z0-9]*[a-z0-9])*$'], "a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character"],
+ ],
+ },
+ }],
+ table: [{
+ title: 'Name',
+ name: 'name',
+ }],
+ },
+ },
+
+ 'Advanced Options',
+
+ [
+ {
+ id: 'sawtooth.genesis.seed',
+ title: 'Genesis Seed',
+ hidden: true,
+ default: randomString.generate(24),
+ warning: true,
+ helperText: 'WARNING: Changing the Genesis Seed will cause any exisiting data on the deployment to be deleted.',
+ component: 'text',
+ validate: {
+ type: 'string',
+ methods: [
+ ['required', 'Required'],
+ ],
+ },
+ },
+ '', // emptry string acts as space in UI
+ ],
+
+]
+
+module.exports = form
diff --git a/charts/btp/chronicle/charts/sawtooth/sextant/options.js b/charts/btp/chronicle/charts/sawtooth/sextant/options.js
new file mode 100644
index 000000000..c1ecf9f7f
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/sextant/options.js
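Review bot: The `ip` field of `sawtooth.externalSeeds` is validated with `'^[0-9]+[.0-9]*[0-9]$'`, which accepts strings that are not IPv4 addresses (`1..2`, `999.999.999.999`, a bare `12345`) although the message says "Must be an IPv4 compatible address." The chart renders this value unquoted into the pod's host aliases (`- ip: {{ .ip }}` in `sawtooth.hostaliases`, added in this same commit), so a bad value is only caught, if at all, at deploy time. A stricter pattern is `'^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])[.]){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])$'`. The `port` pattern `'^[0-9]+$'` likewise accepts values above 65535, and `sawtooth.genesis.seed` and the custom-container `image`, `command` and `args` fields are checked only for presence even though the templates interpolate them into shell text and pod specs.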
@@ -0,0 +1,48 @@
+const activated = [{
+ value: true,
+ title: 'Enabled',
+}, {
+ value: false,
+ title: 'Disabled',
+}]
+
+const yesNo = [{
+ value: true,
+ title: 'Yes',
+}, {
+ value: false,
+ title: 'No',
+}]
+
+const consensus = [{
+ value: 100,
+ title: 'DevMode',
+ blurb: 'DevMode is useful for development purposes only. This mechanism useful only on single node networks which provide no real consensus guarantees.',
+}, {
+ value: 400,
+ title: 'PBFT',
+ blurb: 'PBFT is a byzantine fault tolerant consensus mechanism offering good scale, and performance. It is tolerant of up to f=(n-1)/3 byzantine or other faults on the network. PBFT is a non-forking algorithm.',
+}, {
+ value: 200,
+ title: 'PoET-CFT',
+ blurb: 'PoET-CFT is a time based consensus mechanism based on a fair lottery system. It has low resource utilization, is crash fault tolerant and can support very large scale networks. PoET-CFT is a forking consensus algorithm.',
+}, {
+ value: 300,
+ title: 'Raft',
+ blurb: 'Raft is a consensus mechanism based on an elected leader. It offers good performance, but is not tolerant of Byzantine failures. It works best with low latency networks, and is tolerant of f=(n-1)/2 non-byzantine failures. Raft is a non-forking algorithm.',
+}]
+
+const peering = [{
+ value: true,
+ title: 'Dynamic',
+}, {
+ value: false,
+ title: 'Static',
+}]
+
+module.exports = {
+ activated,
+ consensus,
+ peering,
+ yesNo,
+}
diff --git a/charts/btp/chronicle/charts/sawtooth/sextant/summary.js b/charts/btp/chronicle/charts/sawtooth/sextant/summary.js
new file mode 100644
index 000000000..438003fd8
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/sextant/summary.js
@@ -0,0 +1,43 @@
+const options = require('./options')
+
+const getConsensusTitle = (value) => {
+ const option = options.consensus.find((o) => o.value === value)
+ return option ? option.title : 'unknown'
+}
+
+const summary = (values) => {
+ const {
+ sawtooth,
+ } = values
+
+ return [{
+ title: 'Deployment Name',
+ value: sawtooth.networkName,
+ }, {
+ title: 'Namespace',
+ value: sawtooth.namespace,
+ }, {
+ title: 'Peering Type',
+ value: sawtooth.dynamicPeering ? 'Dynamic' : 'Static',
+ }, {
+ title: 'Genesis Block',
+ value: sawtooth.genesis.enabled ? 'Yes' : 'No',
+ }, {
+ title: 'Permissioned',
+ value: sawtooth.permissioned ? 'Yes' : 'No',
+ }, {
+ title: 'Consensus Algorithm',
+ value: getConsensusTitle(sawtooth.consensus),
+ }, {
+ title: 'External Seeds',
+ value: (sawtooth.externalSeeds || []).map((seed) => seed.ip),
+ }, {
+ title: 'Sawtooth Validator Port',
+ value: '8800',
+ }, {
+ title: 'Custom Transaction Processors',
+ value: (sawtooth.customTPs || []).map((tp) => `${tp.name} (${tp.image})`),
+ }]
+}
+
+module.exports = summary
diff --git a/charts/btp/chronicle/charts/sawtooth/templates/NOTES.txt b/charts/btp/chronicle/charts/sawtooth/templates/NOTES.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/charts/btp/chronicle/charts/sawtooth/templates/_sawtooth.tpl b/charts/btp/chronicle/charts/sawtooth/templates/_sawtooth.tpl
new file mode 100644
index 000000000..28744498f
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/templates/_sawtooth.tpl
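Review bot: `sawtooth.genesis.enabled` in `summary` is read without checking that `sawtooth.genesis` exists, while `externalSeeds` and `customTPs` a few lines below are guarded with `|| []`. If `summary` is ever called with values that lack a `genesis` object it throws a TypeError instead of rendering; `value: sawtooth.genesis && sawtooth.genesis.enabled ? 'Yes' : 'No',` keeps the output and removes the crash. The validator port is a hard-coded `'8800'` here, whereas the chart templates in this commit read ports from `.Values.sawtooth.ports`, so the summary can disagree with what is deployed.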
@@ -0,0 +1,352 @@
+
+{{/*
+Sawtooth Selector labels
+*/}}
+{{- define "sawtooth.labels" -}}
+{{ include "lib.labels" . }}
+app: {{ include "common.names.fullname" . }}
+{{- end -}}
+
+{{- define "sawtooth.kind" -}}
+{{ $consensus := .Values.sawtooth.consensus | int }}
+{{- if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}}
+StatefulSet
+{{- else -}}
+DaemonSet
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sawtooth Selector labels
+*/}}
+{{- define "sawtooth.labels.matchLabels" -}}
+{{ include "common.labels.matchLabels" . }}
+app: {{ include "common.names.fullname" . }}
+component: sawtooth
+{{- end -}}
+
+{{/* if the consensus type is devmode replicas is always 1 */}}
+{{- define "sawtooth.replicas" -}}
+{{- $consensus := .Values.sawtooth.consensus | int -}}
+{{- if eq $consensus 100 -}}
+{{- 1 | int -}}
+{{- else -}}
+{{- default 4 .Values.sawtooth.statefulset.replicas | int -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sawtooth networking specifications
+*/}}
+{{- define "sawtooth.bind.component" -}}
+component:tcp://0.0.0.0:{{ include "sawtooth.ports.sawcomp" . }}
+{{- end -}}
+
+{{/*
+Consensus binding should always be local under normal circumstances
+*/}}
+{{- define "sawtooth.bind.consensus" -}}
+{{- if .Values.sawtooth.ports.consensus_local -}}
+consensus:tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }}
+{{- else -}}
+consensus:tcp://0.0.0.0:{{ include "sawtooth.ports.consensus" . }}
+{{- end -}}
+{{- end -}}
+
+{{- define "sawtooth.bind.network" -}}
+network:tcp://0.0.0.0:{{ include "sawtooth.ports.sawnet" . }}
+{{- end -}}
+
+{{- define "sawtooth.binds" -}}
+--bind {{ include "sawtooth.bind.component" . }} \
+--bind {{ include "sawtooth.bind.consensus" . }} \
+--bind {{ include "sawtooth.bind.network" . }}
+{{- end -}}
+
+{{- define "sawtooth.opentsdb" -}}
+{{- if .Values.sawtooth.opentsdb.enabled -}}
+--opentsdb-db {{ .Values.sawtooth.opentsdb.db }} \
+--opentsdb-url {{ .Values.sawtooth.opentsdb.url }}
+{{- end -}}
+{{- end -}}
+
+{{- define "sawtooth.peering" -}}
+{{- $peering:= .Values.sawtooth.dynamicPeering -}}
+--peering {{ if ($peering)}}dynamic{{ else }}static{{end }} \
+{{ range .Values.sawtooth.externalSeeds }}{{ if ($peering) }}--seeds{{ else }}--peers{{ end }} tcp://{{ .hostname }}:{{ .port }} {{end }} \
+{{ if ($peering)}}${SEEDS}{{ else }}${PEERS}{{end }} \
+--maximum-peer-connectivity 255
+{{- end -}}
+
+{{- define "sawtooth.network" -}}
+{{ include "sawtooth.binds" . }} \
+{{ include "sawtooth.peering" . }} \
+{{ include "sawtooth.opentsdb" . }}
+{{- end -}}
+
+{{/*
+Genesis Templates
+*/}}
+{{- define "sawtooth.genesis.create" -}}
+{{- $consensus := .Values.sawtooth.consensus | int -}}
+if [ ! -r /etc/sawtooth/initialized ]; then
+ if [ $RUN_GENESIS -eq 1 ]; then
+ {{- if eq $consensus 400 }}
+ bash -x /usr/local/bin/pbft_genesis_config.sh {{ .Release.Namespace }}
+ {{- else if eq $consensus 300 }}
+ bash -x /usr/local/bin/raft_genesis_config.sh {{ .Release.Namespace }}
+ {{- else if eq $consensus 200 }}
+ bash -x /usr/local/bin/poet_genesis_config.sh {{ .Release.Namespace }}
+ {{- else }}
+ bash -x /usr/local/bin/devmode_genesis_config.sh {{ .Release.Namespace }}
+ {{- end }}
+ {{ if .Values.sawtooth.permissioned -}}
+ /usr/local/bin/identity_genesis_config.sh {{ .Release.Namespace }}
+ {{- end -}}
+ sawset genesis -k /etc/sawtooth/keys/validator.priv \
+ -o /etc/sawtooth/genesis/000-genesis.batch
+ cd /etc/sawtooth/genesis
+ sawadm genesis `ls |sort`
+ cd -
+ fi
+ touch /etc/sawtooth/initialized;
+fi
+{{- end -}}
+
+{{- define "sawtooth.genesis.reset" -}}
+if [ -r /etc/sawtooth/genesis.seed ]; then
+ OLD_SEED=`cat /etc/sawtooth/genesis.seed`
+ if [ "$OLD_SEED" != "{{ .Values.sawtooth.genesis.seed }}" ]; then
+ echo "${OLD_SEED} != {{ .Values.sawtooth.genesis.seed }} -- resetting environment"
+ rm -rf /var/lib/sawtooth/*
+ rm -f /etc/sawtooth/genesis/*
+ rm -f /etc/sawtooth/initialized
+ echo {{ .Values.sawtooth.genesis.seed }} > /etc/sawtooth/genesis.seed
+ fi
+else
+ echo "No genesis seed. Resetting environment and setting Seed to {{ .Values.sawtooth.genesis.seed }}"
+ rm -rf /var/lib/sawtooth/*
+ rm -f /etc/sawtooth/genesis/*
+ rm -f /etc/sawtooth/initialized
+ echo {{ .Values.sawtooth.genesis.seed }} > /etc/sawtooth/genesis.seed
+fi
+{{- end -}}
+{{/*
+END Genesis Templates
+*/}}
+
+{{- define "sawtooth.hostpath" -}}
+{{ .Values.sawtooth.volumes.hostPathBaseDir | trimSuffix "/" }}/{{.Release.Namespace}}/{{.Release.Name }}
+{{- end -}}
+
+{{- define "sawtooth.etc.volume.name" -}}
+sawtooth-etc
+{{- end -}}
+
+{{- define "sawtooth.etc.volume" -}}
+- name: {{ include "sawtooth.etc.volume.name" . }}
+ hostPath:
+ type: DirectoryOrCreate
+ path: {{ include "sawtooth.hostpath" . }}/{{ include "sawtooth.data.volume.name" . }}
+{{- end -}}
+
+{{- define "sawtooth.etc.volume.vct" -}}
+- metadata:
+ name: {{ include "sawtooth.etc.volume.name" . }}
+ {{- if .Values.sawtooth.persistence.annotations }}
+ annotations: {{- toYaml .Values.sawtooth.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes: {{- toYaml .Values.sawtooth.persistence.accessModes | nindent 10 }}
+ {{ if .Values.sawtooth.persistence.storageClass }}
+ storageClassName: {{ .Values.sawtooth.persistence.storageClass | quote }}
+ {{ end }}
+ resources:
+ requests:
+ storage: 1Gi
+{{- end -}}
+
+{{- define "sawtooth.etc.mount" -}}
+- mountPath: /etc/sawtooth
+ name: {{ include "sawtooth.etc.volume.name" . }}
+{{- end -}}
+
+{{- define "sawtooth.scripts.volume" -}}
+- name: {{ include "sawtooth.scripts.volume.name" . }}
+ configMap:
+ name: {{ include "common.names.fullname" . }}-scripts
+{{- end -}}
+
+{{- define "sawtooth.scripts.volume.name" -}}
+chart-scripts
+{{- end -}}
+
+{{- define "sawtooth.scripts.mount" -}}
+- mountPath: /opt/chart/scripts
+ name: {{ include "sawtooth.scripts.volume.name" . }}
+{{- end -}}
+
+{{- define "sawtooth.data.volume.name" -}}
+sawtooth-data
+{{- end -}}
+
+{{- define "sawtooth.data.volume" -}}
+- name: {{ include "sawtooth.data.volume.name" . }}
+ hostPath:
+ type: DirectoryOrCreate
+ path: {{ include "sawtooth.hostpath" . }}/{{ include "sawtooth.data.volume.name" . }}
+{{- end -}}
+
+{{- define "sawtooth.data.volume.vct" -}}
+- metadata:
+ name: {{ include "sawtooth.data.volume.name" . }}
+ {{- if .Values.sawtooth.persistence.annotations }}
+ annotations: {{- toYaml .Values.sawtooth.persistence.annotations | nindent 8 }}
+ {{- end }}
+ spec:
+ accessModes: {{- toYaml .Values.sawtooth.persistence.accessModes | nindent 6 }}
+ {{ if .Values.sawtooth.persistence.storageClass }}
+ storageClassName: {{ .Values.sawtooth.persistence.storageClass | quote }}
+ {{ end }}
+ resources:
+ requests:
+ storage: {{ .Values.sawtooth.persistence.size | quote }}
+{{- end -}}
+
+{{- define "sawtooth.data.mount" -}}
+- mountPath: /var/lib/sawtooth
+ name: {{ include "sawtooth.data.volume.name" . }}
+{{- end -}}
+
+{{/*
+Sawtooth Signals Templates
+*/}}
+{{/*
+Use as in
+{{ include "sawtooth.signal.postStart" "pbft-engine" }
+*/}}
+{{- define "sawtooth.signal.postStart" -}}
+postStart:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ rm -f {{ include "sawtooth.signals.dir" . }}/{{ . }}
+{{- end -}}
+
+{{- define "sawtooth.signal.livenessProbe" -}}
+livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ if [ -r {{ include "sawtooth.signals.dir" . }}/{{ . }} ]; then
+ exit 1
+ else
+ exit 0
+ fi
+{{- end -}}
+
+{{- define "sawtooth.signal.fire" -}}
+exit_code=$?
+export EXIT_SIGNALS="{{ .Values.sawtooth.livenessProbe.exitSignals }}"
+for signal in ${EXIT_SIGNALS}; do
+ touch "{{ include "sawtooth.signals.dir" . }}/$signal"
+done
+exit $exit_code
+{{- end -}}
+
+{{- define "sawtooth.signals.volume.name" -}}
+sawtooth-signals
+{{- end -}}
+
+{{- define "sawtooth.signals.dir" -}}
+/var/run/sawtooth
+{{- end -}}
+
+{{- define "sawtooth.signals.mount" -}}
+- mountPath: {{ include "sawtooth.signals.dir" . }}
+ name: {{ include "sawtooth.signals.volume.name" . }}
+{{- end -}}
+
+{{- define "sawtooth.signals.volume" -}}
+- name: {{ include "sawtooth.signals.volume.name" . }}
+ emptyDir: {}
+{{- end -}}
+{{/*
+END Sawtooth Signals Templates
+*/}}
+
+{{- define "sawtooth.affinity" -}}
+{{- if .Values.affinity.enabled -}}
+nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{- include "common.names.fullname" . -}}
+{{- else -}}
+{{- if .Values.sawtooth.affinity -}}
+{{- toYaml .Values.sawtooth.affinity }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "sawtooth.hostaliases" -}}
+{{ range .Values.sawtooth.externalSeeds }}
+- ip: {{ .ip }}
+ hostnames:
+ - {{ .hostname }}
+{{ end }}
+{{ include "utils.hostaliases" . }}
+{{- end -}}
+
+{{- define "sawtooth.containers" -}}
+{{- $consensus := .Values.sawtooth.consensus | int -}}
+{{- if eq $consensus 400 -}}
+{{- include "sawtooth.container.pbft-engine" . | nindent 0 }}
+{{- else if eq $consensus 300 -}}
+{{- include "sawtooth.container.raft-engine" . | nindent 0 }}
+{{- else if eq $consensus 200 -}}
+{{- include "sawtooth.container.poet-engine" . | nindent 0 }}
+{{- else -}}
+{{- include "sawtooth.container.devmode-engine" . | nindent 0 }}
+{{- end -}}
+{{- include "sawtooth.container.settings-tp" . | nindent 0 }}
+{{- include "sawtooth.container.block-info-tp" . | nindent 0 }}
+{{- include "sawtooth.container.intkey-tp" . | nindent 0 }}
+{{- include "sawtooth.container.identity-tp" . | nindent 0 }}
+{{- include "sawtooth.container.seth-tp" . | nindent 0 }}
+{{- include "sawtooth.container.seth-rpc" . | nindent 0 }}
+{{- include "sawtooth.container.smallbank-tp" . | nindent 0 }}
+{{- include "sawtooth.container.xo-tp" . | nindent 0 }}
+{{- $ctx := .Values -}}
+{{- range .Values.sawtooth.customTPs -}}
+{{- include "sawtooth.container.customtp" (dict "tp" . "values" $ctx) | nindent 0 }}
+{{- end -}}
+{{- include "sawtooth.container.rest-api" . | nindent 0 }}
+{{- include "sawtooth.container.monitor" . | nindent 0 }}
+{{- include "sawtooth.container.validator" . | nindent 0 }}
+{{- end -}}
+
+{{/*
+{{ include "sawtooth.loglevel" "container" .Values.sawtooth.containers.validator "global" .Values.global }}
+*/}}
+{{- define "sawtooth.logLevel" -}}
+{{- $defaultLevel := "WARN" -}}
+{{- if .global.logLevel -}}
+{{- $defaultLevel = (default $defaultLevel .global.logLevel) | upper -}}
+{{- end -}}
+{{- $level := (default $defaultLevel .container.logLevel) | upper -}}
+{{- if eq $level "INFO" -}}
+-v
+{{- else if eq $level "DEBUG" -}}
+-vv
+{{- else if eq $level "TRACE" -}}
+-vvv
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/templates/_sawtooth_containers.tpl b/charts/btp/chronicle/charts/sawtooth/templates/_sawtooth_containers.tpl
new file mode 100644
index 000000000..33ee21181
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/templates/_sawtooth_containers.tpl
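Review bot: `sawtooth.genesis.reset` pastes `{{ .Values.sawtooth.genesis.seed }}` straight into shell text, unquoted in `echo {{ .Values.sawtooth.genesis.seed }} > /etc/sawtooth/genesis.seed` and inside double quotes in the comparison, so a seed containing whitespace, `$`, backticks or `;` is interpreted by the shell in a script that goes on to run `rm -rf /var/lib/sawtooth/*`; `.hostname` and `.port` in `sawtooth.peering` are interpolated the same way. Rejecting anything but a plain token at render time closes this, e.g. `{{- if not (regexMatch "^[A-Za-z0-9]+$" (toString .Values.sawtooth.genesis.seed)) }}{{ fail "sawtooth.genesis.seed must be alphanumeric" }}{{ end }}` at the top of the template. Separately, `sawtooth.etc.volume` builds its hostPath from `sawtooth.data.volume.name`, so it resolves to the same host directory as `sawtooth.data.volume`; if both hostPath volumes are mounted (the callers are outside this hunk), the reset would also delete what lives under `/etc/sawtooth`, including the validator keys, and `sawtooth.etc.volume.name` looks like what was meant. In `sawtooth.affinity`, `- {{- include "common.names.fullname" . -}}` trims the space after the dash, so the value renders as `-<name>` rather than a list item.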
@@ -0,0 +1,441 @@
+
+{{- define "sawtooth.ports.sawcomp" -}}
+{{ .Values.sawtooth.ports.sawcomp }}
+{{- end -}}
+
+{{- define "sawtooth.ports.consensus" -}}
+{{ .Values.sawtooth.ports.consensus }}
+{{- end -}}
+
+{{- define "sawtooth.ports.rest" -}}
+{{ .Values.sawtooth.ports.rest }}
+{{- end -}}
+
+{{- define "sawtooth.ports.sawnet" -}}
+{{ .Values.sawtooth.ports.sawnet }}
+{{- end -}}
+
+
+{{- define "sawtooth.container.env.nodename" -}}
+{{- $consensus := .values.sawtooth.consensus | int -}}
+- name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+- name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+- name: NODE_NAME
+ # Since this a stateful set we use the pod name as the node name
+ valueFrom:
+ fieldRef:
+{{- if or .values.sawtooth.statefulset.enabled (eq $consensus 100) }}
+ fieldPath: metadata.name
+{{- else }}
+ fieldPath: spec.nodeName
+{{- end }}
+{{- end -}}
+
+{{/*
+{{ include "sawtooth.container.env" (dict "container" .Values.sawtooth.containers.validator "values" .Values)}}
+*/}}
+{{- define "sawtooth.container.env" -}}
+env:
+ {{- include "sawtooth.container.env.nodename" . | nindent 2 -}}
+ {{- if .values.pagerduty.enabled }}
+ - name: ALERT_TOKEN
+ value: {{ .values.pagerduty.token | quote }}
+ - name: SERVICE_ID
+ value: {{ .values.pagerduty.serviceid | quote }}
+ {{ end -}}
+{{- if .container.env -}}
+ {{- toYaml .container.env | nindent 2 }}
+{{- end -}}
+{{- end -}}
+
+{{- define "sawtooth.container.resources" -}}
+{{- if .container.resources -}}
+resources: {{- toYaml .container.resources | nindent 2 }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+{{ include "sawtooth.container" (dict "container" .Values.sawtooth.containers.validator "values" .Values "global" .Values.global)}}
+*/}}
+{{- define "sawtooth.container" -}}
+{{- include "lib.image" (dict "imageRoot" .container.image "values" .values "global" .global ) |nindent 0 }}
+{{- include "sawtooth.container.command" . | nindent 0 }}
+{{- include "sawtooth.container.env" . | nindent 0 }}
+{{- include "sawtooth.container.resources" . | nindent 0 }}
+{{- end -}}
+
+{{- define "sawtooth.container.command" -}}
+command: [ "bash", "-xc"]
+{{- end -}}
+
+{{- define "sawtooth.container.pbft-engine" -}}
+{{ $ctx := dict "container" .Values.sawtooth.containers.pbft_engine "values" .Values "global" .Values.global }}
+{{- $signal := "pbft-engine" -}}
+- name: pbft-engine
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ rm -f /var/lib/sawtooth/pbft.log
+ pbft-engine {{ include "sawtooth.logLevel" $ctx }} \
+ -C tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }} \
+ --storage-location disk+/var/lib/sawtooth/pbft.log
+ lifecycle:
+ {{- include "sawtooth.signal.postStart" "pbft-engine" | nindent 4 }}
+ {{- include "sawtooth.signal.livenessProbe" "pbft-engine" | nindent 2 }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "sawtooth.data.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.raft-engine" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.raft_engine "values" .Values "global" .Values.global -}}
+- name: raft-engine
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ raft-engine {{ include "sawtooth.logLevel" $ctx }} \
+ -C tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "sawtooth.etc.mount" . | nindent 4 }}
+ {{- include "sawtooth.data.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.poet-engine" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.poet_engine "values" .Values "global" .Values.global -}}
+- name: poet-engine
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ poet-engine {{ include "sawtooth.logLevel" $ctx }} \
+ --connect tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }} \
+ --component tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "sawtooth.etc.mount" . | nindent 4 }}
+ {{- include "sawtooth.data.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+- name: poet-validator-registry-tp
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ poet-validator-registry-tp {{ include "sawtooth.logLevel" $ctx }} \
+ -C tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "sawtooth.etc.mount" . | nindent 4 }}
+ {{- include "sawtooth.data.mount" .| nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.devmode-engine" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.devmode_engine "values" .Values "global" .Values.global -}}
+- name: devmode-engine
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ devmode-engine-rust {{ include "sawtooth.logLevel" $ctx }} \
+ -C tcp://127.0.0.1:{{ include "sawtooth.ports.consensus" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.settings-tp" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.settings_tp "values" .Values "global" .Values.global -}}
+- name: settings-tp
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ settings-tp {{ include "sawtooth.logLevel" $ctx }} \
+ {{ .Values.sawtooth.containers.settings_tp.args }} \
+ --connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.intkey-tp" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.intkey_tp "values" .Values "global" .Values.global -}}
+- name: intkey-tp
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ intkey-tp-go {{ include "sawtooth.logLevel" $ctx }} \
+ --connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.identity-tp" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.identity_tp "values" .Values "global" .Values.global -}}
+{{- if .Values.sawtooth.permissioned -}}
+- name: identity-tp
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ identity-tp {{ include "sawtooth.logLevel" $ctx }} \
+ {{ .Values.sawtooth.containers.identity_tp.args }} \
+ -C tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- else -}}
+# no identity-tp
+{{- end -}}
+{{- end -}}
+
+{{- define "sawtooth.container.block-info-tp" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.block_info "values" .Values "global" .Values.global -}}
+- name: block-info-tp
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ block-info-tp {{ include "sawtooth.logLevel" $ctx }} \
+ {{ .Values.sawtooth.containers.block_info.args }} \
+ -C tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ lifecycle:
+ {{- include "sawtooth.signal.postStart" "block-info-tp" | nindent 4 }}
+ {{- include "sawtooth.signal.livenessProbe" "block-info-tp" | nindent 2 }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.monitor" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.monitor "values" .Values "global" .Values.global -}}
+- name: monitor
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ sawtooth keygen && \
+ sleep {{ .Values.sawtooth.client_wait }} && \
+ /usr/local/bin/heartbeat_loop.sh \
+ http://127.0.0.1:{{ include "sawtooth.ports.rest" . }} \
+ test-$RANDOM {{ .Values.sawtooth.heartbeat.interval }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "sawtooth.etc.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.xo-tp" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.xo_tp "values" .Values "global" .Values.global -}}
+{{- if .Values.sawtooth.xo.enabled -}}
+- name: xo-tp
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ xo-tp-go {{ include "sawtooth.logLevel" $ctx }} \
+ --connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- else -}}
+# no xo-tp
+{{- end -}}
+{{- end -}}
+
+{{- define "sawtooth.container.smallbank-tp" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.smallbank_tp "values" .Values "global" .Values.global -}}
+{{- if .Values.sawtooth.smallbank.enabled -}}
+- name: smallbank-tp
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ smallbank-tp-go {{ include "sawtooth.logLevel" $ctx }} \
+ --connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }}
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- else -}}
+# no smallbank-tp
+{{- end -}}
+{{- end -}}
+
+{{- define "sawtooth.container.rest-api" -}}
+{{- $ctx := dict "container" .Values.sawtooth.containers.rest_api "values" .Values "global" .Values.global -}}
+- name: rest-api
+ {{- include "sawtooth.container" $ctx | nindent 2 }}
+ args:
+ - |
+ sleep {{ .Values.sawtooth.client_wait }}
+ sawtooth-rest-api {{ include "sawtooth.logLevel" $ctx }} \
+ {{ .Values.sawtooth.containers.rest_api.args }} \
+ --bind 0.0.0.0:{{ include "sawtooth.ports.rest" . }} \
+ --connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }} \
+ {{ include "sawtooth.opentsdb" . | indent 8 }}
+ ports:
+ - containerPort: {{ include "sawtooth.ports.rest" . }}
+ name: sawrest
+ volumeMounts:
+ {{- include "sawtooth.signals.mount" . | nindent 4 }}
+ {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }}
+{{- end -}}
+
+{{- define "sawtooth.container.customtp" -}}
+- name: {{ .tp.name }}
+ image: {{ .tp.image }}
+ {{ if .tp.command }}command: [ {{ range .tp.command }}"{{ . }}",{{ end }} ]{{end }}
+ {{ if .tp.args }}args: [ {{ range .tp.args }}"{{ . 
}}", {{ end }} ]{{end }} + env: + {{- include "sawtooth.container.env.nodename" (dict "values" .values) | nindent 4 }} + lifecycle: {{- include "sawtooth.signal.postStart" .tp.name | nindent 4 }} + {{- include "sawtooth.signal.livenessProbe" .tp.name | nindent 2 }} + volumeMounts: + {{- include "sawtooth.signals.mount" . | nindent 4 }} + {{- include "lib.volumeMounts" .values.extraVolumeMounts | nindent 4 }} + resources: {{- default (dict) .tp.resources | toYaml | nindent 4 }} +{{- end -}} + +{{- define "sawtooth.container.poet-registration" -}} +{{- $consensus := .Values.sawtooth.consensus | int -}} +{{- $ctx := dict "container" .Values.sawtooth.containers.poet_registration "values" .Values "global" .Values.global -}} +{{ if eq $consensus 200 }} +- name: poet-registration + {{- include "sawtooth.container" $ctx | nindent 2 }} + args: + - | + mkdir -p /etc/sawtooth/poet + cp /etc/sawtooth/simulator_rk_pub.pem /etc/sawtooth/; + if [ ! -f /etc/sawtooth/poet/poet-enclave-measurement ]; then + poet enclave measurement > /etc/sawtooth/poet/poet-enclave-measurement; + fi + if [ ! -f /etc/sawtooth/poet/poet-enclave-basename ]; then + poet enclave basename > /etc/sawtoothetc/poet/poet-enclave-basename; + fi + if [ ! -f /etc/sawtooth/initialized ]; then + poet registration create --enclave-module simulator \ + -k /etc/sawtooth/keys/validator.priv \ + -o /etc/sawtooth/genesis/200.poet.batch + fi + volumeMounts: + {{- include "sawtooth.etc.mount" . | nindent 4 }} + {{- include "sawtooth.data.mount" . 
| nindent 4 }} + {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }} +{{- end -}} +{{- end -}} + +{{- define "sawtooth.container.seth-tp" -}} +{{- $ctx := dict "container" .Values.sawtooth.containers.seth_tp "values" .Values "global" .Values.global -}} +{{- if .Values.sawtooth.seth.enabled -}} +- name: seth-tp + {{- include "sawtooth.container" $ctx | nindent 2 }} + args: + - | + seth-tp {{ include "sawtooth.logLevel" $ctx }} \ + --connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }} + volumeMounts: + {{- include "sawtooth.signals.mount" . | nindent 4 }} + {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }} +{{- else -}} +# no seth-tp +{{- end -}} +{{- end -}} + +{{- define "sawtooth.container.seth-rpc" -}} +{{- $ctx := dict "container" .Values.sawtooth.containers.seth_rpc "values" .Values "global" .Values.global -}} +{{- if .Values.sawtooth.seth.enabled -}} +- name: seth-rpc + {{- include "sawtooth.container" $ctx | nindent 2 }} + args: + - | + sleep {{ .Values.sawtooth.client_wait }} && \ + seth-rpc {{ include "sawtooth.logLevel" $ctx }} \ + --bind 0.0.0.0:3030 \ + --connect tcp://127.0.0.1:{{ include "sawtooth.ports.sawcomp" . }} + volumeMounts: + {{- include "sawtooth.signals.mount" . | nindent 4 }} + {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }} + ports: + - containerPort: 3030 + name: seth-rpc +{{- else -}} +# no seth-rpc +{{- end -}} +{{- end -}} + +{{- define "sawtooth.container.validator.livenessProbe" -}} +{{if .Values.sawtooth.livenessProbe.enabled }} +exec: + command: + - /bin/bash + - -c + - | + export SIGNALS_DIR={{ include "sawtooth.signals.dir" . 
}} + export EXIT_SIGNALS="{{ .Values.sawtooth.livenessProbe.exitSignals }}" + export LIVENESS_PROBE_ACTIVE="{{ .Values.sawtooth.livenessProbe.active }}" + /usr/local/bin/liveness_probe.sh +initialDelaySeconds: {{ .Values.sawtooth.livenessProbe.initialDelaySeconds }} +periodSeconds: {{ .Values.sawtooth.livenessProbe.periodSeconds }} +{{- end -}} +{{- end -}} + +{{- define "sawtooth.container.validator.lifecycle" -}} +preStop: + exec: + command: + - bash + - -c + - | + export EXIT_SIGNALS="{{ .Values.sawtooth.livenessProbe.exitSignals }}" + for signal in ${EXIT_SIGNALS}; do + touch "{{ include "sawtooth.signals.dir" . }}/$signal" + done +postStart: + exec: + command: + - bash + - -c + - | + RUN_DIR=/var/run/sawtooth + rm -f $RUN_DIR/probe.* + rm -f $RUN_DIR/catchup.started + rm -f $RUN_DIR/last* + rm -f $RUN_DIR/pbft_seq* +{{- end -}} + +{{- define "sawtooth.container.validator" -}} +{{- $ctx := dict "container" .Values.sawtooth.containers.validator "values" .Values "global" .Values.global -}} +- name: validator + {{- include "sawtooth.container" $ctx | nindent 2 }} + lifecycle: + {{- include "sawtooth.container.validator.lifecycle" . | nindent 4 }} + args: + - | + source /opt/chart/scripts/validator-env + {{- include "sawtooth.genesis.create" . | nindent 6 }} + sawtooth-validator {{ include "sawtooth.logLevel" $ctx }} \ + {{ .Values.sawtooth.containers.validator.args}} --scheduler {{ .Values.sawtooth.scheduler }} \ + --endpoint tcp://${NODE_NAME}:{{ include "sawtooth.ports.sawnet" . }} \ + {{- include "sawtooth.network" . | nindent 8 -}} \ + ; + {{- include "sawtooth.signal.fire" . | nindent 6 }} + volumeMounts: + {{- include "sawtooth.signals.mount" . | nindent 4 }} + {{- include "sawtooth.etc.mount" . | nindent 4 }} + {{- include "sawtooth.data.mount" . | nindent 4 }} + {{- include "sawtooth.scripts.mount" . 
| nindent 4 }} + {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 4 }} + livenessProbe: + {{- include "sawtooth.container.validator.livenessProbe" . | nindent 4 }} + ports: + - containerPort: {{ include "sawtooth.ports.sawcomp" . }} + name: sawcomp + - containerPort: {{ include "sawtooth.ports.sawnet" . }} + {{- if not .Values.sawtooth.statefulset.enabled }} + hostPort: {{ include "sawtooth.ports.sawnet" . }} + {{- end }} + name: sawnet + - containerPort: {{ include "sawtooth.ports.consensus" . }} + name: consensus +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/templates/_utils.tpl b/charts/btp/chronicle/charts/sawtooth/templates/_utils.tpl new file mode 100644 index 000000000..19ba4bcd9 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/templates/_utils.tpl @@ -0,0 +1,8 @@ + + +{{/* */}} +{{- define "utils.hostaliases" -}} +{{- if .Values.hostAliases -}} +{{ toYaml .Values.hostAliases }} +{{- end -}} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/templates/ingress.yaml b/charts/btp/chronicle/charts/sawtooth/templates/ingress.yaml new file mode 100644 index 000000000..c21fa1b8c --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/templates/ingress.yaml @@ -0,0 +1,6 @@ +{{- if .Values.ingress.enabled -}} +{{- $serviceName := include "common.names.fullname" . -}} +{{- $ingressName := printf "%s-rest" $serviceName -}} +{{- $servicePort := include "sawtooth.ports.rest" . | int -}} +{{ include "lib.ingress" (dict "ingressName" $ingressName "ingress" .Values.ingress "serviceName" $serviceName "servicePort" $servicePort "context" $) }} +{{- end -}} diff --git a/charts/btp/chronicle/charts/sawtooth/templates/pernode-services.yaml b/charts/btp/chronicle/charts/sawtooth/templates/pernode-services.yaml new file mode 100644 index 000000000..fa9c80820 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/templates/pernode-services.yaml 
@@ -0,0 +1,38 @@
+
+{{- $consensus := .Values.sawtooth.consensus | int -}}
+{{- if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}}
+{{- $ctx := . -}}
+# {{ include "sawtooth.replicas" $ctx }} enodes
+{{ range untilStep 0 ((include "sawtooth.replicas" $ctx) | int) 1 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{ include "sawtooth.labels" $ctx | nindent 4}}
+ per-node: {{ include "common.names.fullname" $ctx }}-{{ . }}
+ component: sawtooth
+ name: {{ include "common.names.fullname" $ctx }}-{{ . }}
+ namespace: {{ $ctx.Release.Namespace }}
+spec:
+ type: {{ $ctx.Values.sawtooth.perNodeServiceType }}
+ sessionAffinity: ClientIP
+ ports:
+ - port: {{ include "sawtooth.ports.rest" $ctx }}
+ protocol: TCP
+ targetPort: {{ include "sawtooth.ports.rest" $ctx }}
+ name: rest-api
+ - port: {{ include "sawtooth.ports.sawnet" $ctx }}
+ protocol: TCP
+ targetPort: {{ include "sawtooth.ports.sawnet" $ctx }}
+ name: sawnet
+ - port: {{ include "sawtooth.ports.sawcomp" $ctx }}
+ protocol: TCP
+ targetPort: {{ include "sawtooth.ports.sawcomp" $ctx }}
+ name: sawcomp
+ selector: {{- include "sawtooth.labels.matchLabels" $ctx | nindent 4 }}
+ statefulset.kubernetes.io/pod-name: {{ include "common.names.fullname" $ctx }}-{{ . }}
+{{- end -}}
+{{- else -}}
+---
+# no enodes
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/sawtooth/templates/serviceaccount.yaml b/charts/btp/chronicle/charts/sawtooth/templates/serviceaccount.yaml
new file mode 100644
index 000000000..65c669296
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "lib.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: false
+{{ if .Values.imagePullSecrets.enabled }}
+imagePullSecrets:
+{{range .Values.imagePullSecrets.value }}
+ - name: {{ .name }}
+{{ end }}
+{{ end }}
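Review bot: The `sawcomp` entry under `ports:` in pernode-services.yaml publishes the validator's component port through a Service whose type comes from `.Values.sawtooth.perNodeServiceType`, so a NodePort or LoadBalancer setting would make that port reachable from outside the cluster. Every client of the port visible in this commit (the transaction processors and rest-api in _containers.tpl) connects over `tcp://127.0.0.1` inside the pod, so the entry looks unnecessary; the headless Service in validators-svcs.yaml lists the same port. Whether the validator binds it on all interfaces depends on the `sawtooth.network` helper, which is not shown here. Consider dropping the entry from both Services or guarding it with a value that defaults to off, with a comment such as `# sawcomp is pod-local; publish only behind a NetworkPolicy`.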
diff --git a/charts/btp/chronicle/charts/sawtooth/templates/validator-clusterroles.yaml b/charts/btp/chronicle/charts/sawtooth/templates/validator-clusterroles.yaml
new file mode 100644
index 000000000..c161b1b90
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/templates/validator-clusterroles.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Release.Namespace}}-{{include "common.names.fullname" .}}
+ labels: {{ include "sawtooth.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["","apps/v1"] # "" refers to the core API group
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Release.Namespace}}-{{include "common.names.fullname" .}}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Namespace}}-{{include "common.names.fullname" .}}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "lib.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+---
diff --git a/charts/btp/chronicle/charts/sawtooth/templates/validator-env-configmap.yaml b/charts/btp/chronicle/charts/sawtooth/templates/validator-env-configmap.yaml
new file mode 100644
index 000000000..37881defc
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/templates/validator-env-configmap.yaml
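Review bot: `apiGroups: ["","apps/v1"]` in the ClusterRole names an API group that does not exist; RBAC group names carry no version, so the second entry never matches and only the core group applies. The same list appears in both rules of validator-roles.yaml. Since `nodes` is a core resource, `apiGroups: [""]` states what the rule actually grants. It is also worth confirming that cluster-wide read on nodes is needed at all: the validator-env script added in this commit reads `spec.nodeName` from pods rather than from node objects, so the ClusterRole and its binding may be removable unless a script outside this diff uses them.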
@@ -0,0 +1,98 @@ +{{- $consensus := .Values.sawtooth.consensus | int -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-scripts + namespace: {{ .Release.Namespace }} + labels: {{ include "sawtooth.labels" . | nindent 4}} +data: + validator-env: |- + #!/bin/bash + + BIN_DIR=/usr/local/bin + + function get_local_pods() { + kubectl get pod -l "app={{ include "common.names.fullname" . }}" \ + --no-headers=true -o name | sed -e 's/pod\///g' + } + + function get_all_nodes() { + for pod in $(get_local_pods); do + get_node_for_pod $pod + done | sort + } + + function get_genesis_node() { + kubectl get configmap {{ include "common.names.fullname" . }}-genesis -o jsonpath='{.data.node}' + } + + function get_node_for_pod() { + local pod=${1:?} + {{ if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}} + echo "$pod" + {{- else -}} + kubectl get pod "$pod" -o jsonpath='{ $.spec.nodeName }' + {{- end }} + } + + declare -a host_list + for node in $(get_all_nodes); do + host_list+=("$node") + done + + export SEEDS= + export PEERS= + MY_NODE_NAME=$(get_node_for_pod $POD_NAME) + MY_PEERS=() + export DELAY=0 + + echo "Local Hosts Visible ${host_list[@]}" + this_list=("${host_list[@]}") + for host in "${host_list[@]}"; do + this_list=("${this_list[@]:1}") + if [ "$host" == "$MY_NODE_NAME" ]; then + while [ -n "${this_list[0]}" ]; do + MY_PEERS+=("${this_list[0]}") + this_list=("${this_list[@]:1}") + done + else + ((DELAY += 1)) + fi + done + + for peer in "${MY_PEERS[@]}"; do + export SEEDS="--seeds tcp://$peer:{{ include "sawtooth.ports.sawnet" . }} $SEEDS" + export PEERS="--peers tcp://$peer:{{ include "sawtooth.ports.sawnet" . 
}} $PEERS" + done + + SET_GENESIS_NODE=${host_list[0]} + + GENESIS_NODE=$(get_genesis_node) + while [ -z "$GENESIS_NODE" ]; do + sleep "$(echo $RANDOM | cut -c1-2)" + GENESIS_NODE=$(get_genesis_node) + if [ -z "$GENESIS_NODE" ]; then + "${BIN_DIR}/upsert_cm.sh" {{ include "common.names.fullname" . }}-genesis node "$SET_GENESIS_NODE" + fi + done + GENESIS_NODE=$(get_genesis_node) + + "${BIN_DIR}/upsert_cm.sh" validator-public "$NODE_NAME" "$(cat /etc/sawtooth/keys/validator.pub)" + "${BIN_DIR}/upsert_cm.sh" validator-secret "$NODE_NAME" "$(cat /etc/sawtooth/keys/validator.priv)" + + if [ "$GENESIS_NODE" = "$NODE_NAME" ]; then + export RUN_GENESIS=1 + if [ ! -r /etc/sawtooth/initialized ]; then + PODCOUNT=$(get_local_pods | wc -l) + KEYCOUNT=$("${BIN_DIR}/get_local_public_keys.sh" "{{ .Release.Namespace }}" | wc -l) + while [ "$PODCOUNT" != "$KEYCOUNT" ]; do + sleep "$DELAY" + PODCOUNT=$(get_local_pods | wc -l) + KEYCOUNT=$("${BIN_DIR}/get_local_public_keys.sh" "{{ .Release.Namespace }}" | wc -l) + done + fi + else + export RUN_GENESIS=0 + fi diff --git a/charts/btp/chronicle/charts/sawtooth/templates/validator-roles.yaml b/charts/btp/chronicle/charts/sawtooth/templates/validator-roles.yaml new file mode 100644 index 000000000..305b01809 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/templates/validator-roles.yaml 
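Review bot: The line `"${BIN_DIR}/upsert_cm.sh" validator-secret "$NODE_NAME" "$(cat /etc/sawtooth/keys/validator.priv)"` in validator-env copies each validator's private key out of the pod into a shared cluster object. upsert_cm.sh is not part of this diff, but the Role added in validator-roles.yaml grants write access only to configmaps, so the key presumably lands in a ConfigMap named validator-secret, readable by any subject with `get` on configmaps in the namespace and stored without the handling a Secret receives. The key is also passed as a command argument, which makes it visible in the process list while the helper runs. If nothing reads the value back, delete the line; otherwise keep it in a Secret behind a narrowly scoped Role and pass it to the helper on stdin.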
@@ -0,0 +1,30 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{include "common.names.fullname" .}}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "sawtooth.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["","apps/v1"] # "" refers to the core API group
+ resources: ["services", "pods"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["","apps/v1"] # "" refers to the core API group
+ resources: ["configmaps"]
+ verbs: ["get", "create", "list", "watch", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{include "common.names.fullname" .}}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "sawtooth.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{include "common.names.fullname" .}}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "lib.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+---
diff --git a/charts/btp/chronicle/charts/sawtooth/templates/validator-set.yaml b/charts/btp/chronicle/charts/sawtooth/templates/validator-set.yaml
new file mode 100644
index 000000000..806016ba9
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/templates/validator-set.yaml
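Review bot: The second rule of the Role grants `create` and `patch` on every ConfigMap in the namespace, and that includes the `<fullname>-scripts` ConfigMap whose `validator-env` key the validator container sources at startup (`source /opt/chart/scripts/validator-env`, assuming the scripts volume is backed by that ConfigMap). Any container holding this service account's token can therefore change what each validator executes on its next restart. Limit `patch` with `resourceNames` to the ConfigMaps the scripts are seen updating (the `-genesis`, `validator-public` and `validator-secret` names in validator-env), and keep `create` in a separate rule because `resourceNames` cannot restrict it.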
@@ -0,0 +1,67 @@ +{{ $consensus := .Values.sawtooth.consensus | int }} +--- +apiVersion: apps/v1 +kind: {{ include "sawtooth.kind" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{ include "sawtooth.labels" . | nindent 4}} +spec: + {{ if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) -}} + replicas: {{ include "sawtooth.replicas" . | int }} + serviceName: {{ include "common.names.fullname" . | quote }} + podManagementPolicy: Parallel + {{- end }} + updateStrategy: + type: RollingUpdate + {{ if not (or .Values.sawtooth.statefulset.enabled (eq $consensus 100)) }} + rollingUpdate: + maxUnavailable: {{ .Values.sawtooth.maxUnavailable | int }} + {{- end }} + {{ if (semverCompare "^1.22" .Capabilities.KubeVersion.Version) -}} + minReadySeconds: {{ .Values.sawtooth.minReadySeconds | int }} + {{- end }} + selector: + matchLabels: {{- include "sawtooth.labels.matchLabels" . | nindent 6 }} + template: + metadata: + labels: {{- include "sawtooth.labels.matchLabels" . | nindent 8 }} + annotations: {{- toYaml .Values.sawtooth.statefulset.podAnnotations | nindent 8 }} + spec: + serviceAccountName: {{ include "lib.serviceAccountName" . }} + automountServiceAccountToken: true + affinity: {{- include "sawtooth.affinity" . | nindent 8 }} + hostAliases: {{- include "sawtooth.hostaliases" . | nindent 8 }} + containers: {{- include "sawtooth.containers" . | nindent 8 }} + initContainers: + - name: setup + {{- include "lib.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global ) |nindent 10 }} + volumeMounts: + {{- include "sawtooth.etc.mount" . | nindent 12 }} + {{- include "sawtooth.data.mount" . | nindent 12 }} + {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 12 }} + {{- include "sawtooth.container.command" . 
| nindent 10 }} + {{- include "sawtooth.container.env" (dict "container" .Values.sawtooth.containers.validator "values" .Values "global" .Values.global) | nindent 10 }} + args: + - | + {{- include "sawtooth.genesis.reset" . | nindent 14 }} + mkdir -p /etc/sawtooth/genesis + mkdir -p /etc/sawtooth/keys + if [ ! -r /etc/sawtooth/keys/validator.priv ]; then + sawadm keygen --force + fi + {{ if .Values.sawtooth.genesis.enabled }} + {{- include "sawtooth.container.poet-registration" . | nindent 8 }} + {{ end }} + volumes: + {{- include "sawtooth.signals.volume" . | nindent 8 }} + {{- include "sawtooth.scripts.volume" . | nindent 8 }} + {{- include "lib.volumes" .Values.extraVolumes | nindent 8 }} +{{ if or .Values.sawtooth.statefulset.enabled (eq $consensus 100) }} + volumeClaimTemplates: + {{- include "sawtooth.data.volume.vct" . | nindent 4 }} + {{- include "sawtooth.etc.volume.vct" . | nindent 4 }} +{{ else }} + {{- include "sawtooth.etc.volume" . | nindent 8 }} + {{- include "sawtooth.data.volume" . | nindent 8 }} +{{ end }} diff --git a/charts/btp/chronicle/charts/sawtooth/templates/validators-svcs.yaml b/charts/btp/chronicle/charts/sawtooth/templates/validators-svcs.yaml new file mode 100644 index 000000000..a6efa8b33 --- /dev/null +++ b/charts/btp/chronicle/charts/sawtooth/templates/validators-svcs.yaml 
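Review bot: `automountServiceAccountToken: true` on the pod spec in validator-set.yaml mounts the service account token into every container of the pod, including each transaction processor and any user-supplied `customTPs` image, although the ServiceAccount itself is created with automount disabled. In this commit only the validator's `validator-env` script is seen calling kubectl; the init container's `sawtooth.genesis.reset` helper is not shown, so confirm which containers really need API access. Setting the pod-level flag to false and mounting a projected token volume only into those containers keeps the RBAC grants away from third-party images. The matching volumeMount belongs in the validator container in _containers.tpl, which lies outside this hunk.

```yaml
      automountServiceAccountToken: false
      # … unchanged: affinity, hostAliases, containers, initContainers …
      volumes:
        # Token, CA bundle and namespace for kubectl. Mount this volume only in
        # the containers that call the API, at
        # /var/run/secrets/kubernetes.io/serviceaccount.
        - name: kube-api-access
          projected:
            sources:
              - serviceAccountToken:
                  path: token
                  expirationSeconds: 3600
              - configMap:
                  name: kube-root-ca.crt
                  items:
                    - key: ca.crt
                      path: ca.crt
              - downwardAPI:
                  items:
                    - path: namespace
                      fieldRef:
                        fieldPath: metadata.namespace
        # … unchanged: signals, scripts and extra volumes …
```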
@@ -0,0 +1,27 @@
+{{$peering:= .Values.sawtooth.dynamicPeering }}
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "sawtooth.labels" . | nindent 4}}
+ component: sawtooth
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - port: {{ include "sawtooth.ports.rest" . }}
+ protocol: TCP
+ targetPort: {{ include "sawtooth.ports.rest" . }}
+ name: rest-api
+ - port: {{ include "sawtooth.ports.sawnet" . }}
+ protocol: TCP
+ targetPort: {{ include "sawtooth.ports.sawnet" . }}
+ name: sawnet
+ - port: {{ include "sawtooth.ports.sawcomp" . }}
+ protocol: TCP
+ targetPort: {{ include "sawtooth.ports.sawcomp" . }}
+ name: sawcomp
+ selector: {{- include "sawtooth.labels.matchLabels" . | nindent 4 }}
diff --git a/charts/btp/chronicle/charts/sawtooth/values.yaml b/charts/btp/chronicle/charts/sawtooth/values.yaml
new file mode 100644
index 000000000..1727e5a0a
--- /dev/null
+++ b/charts/btp/chronicle/charts/sawtooth/values.yaml
@@ -0,0 +1,480 @@ +--- +## @md # Sawtoooth +## @md +## @md | field | description | default | +## @md |-|-|-| + +affinity: + ## @md | `affinity.enabled` | false: no effect true: then validators will be deployed only to k8s nodes with the label `app={{ .sawtooth.networkName }}-validator` | false | + # Normally set this as disabled. + # If false - no effect, validators are run on every ( or in the case of devmode any one) + # node in the cluster. + # If True, then validators will be deployed only to k8s nodes with the label + # app={{ .sawtooth.networkName }}-validator + enabled: false + +global: + logLevel: warn + image: + registry: + tag: + + +## @md | `commonLabels` | +commonLabels: {} +commonAnnotations: {} +# This is optional, +# if false the values are ignored, +# if true then there should exist a secret within the namespace +# of the given names, multiple values are acceptable +hostAliases: +imagePullSecrets: + ## @md | `imagePullSecrets.enabled` | if true use the list of named imagePullSecrets | false | + enabled: false + ## @md | `imagePullSecrets.value` | a list if named secret references of the form ```- name: secretName```| [] | + value: [] +ingress: + ## @md | `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" | + apiVersion: "" + ## @md | `ingress.enabled` | true to enable the ingress to the main service rest-api | false | + enabled: false + ## @md | `ingress.certManager` | true to enable the acme certmanager for this ingress | false | + certManager: false + ## @md | `ingress.hostname` | primary hostname for the ingress | false | + hostname: "sawtooth.local" + ## @md | `ingress.path` | path for the ingress's primary hostname | / | + path: / + ## @md | `ingress.pathType` | pathType for the ingress's primary hostname | nil | + pathType: + ## @md | `ingress.annotations` | annotations for the ingress | {} | + annotations: {} + ## @md | `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | 
false | + tls: false + ## @md | `ingress.extraHosts` | list of extra hosts to add to the ingress | [] | + extraHosts: [] + ## @md | `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] | + extraPaths: [] + ## @md | `ingress.extraTls` | list of extra tls entries | [] | + extraTls: [] +pagerduty: + ## @md | `pagerduty.enabled` | if true send pagerduty alerts | false | + enabled: false + ## @md | `pagerduty.token` | pagerduty user token | nil | + token: + ## @md | `pagerduty.serviceid` | pagerduty serviceid | nil | + serviceid: +sawtooth: + opentsdb: + ## @md | `sawtooth.opentsdb.db` | name of the opentsdb database to be used | metrics | + db: metrics + ## @md | `sawtooth.opentsdb.url` | url of the opentsdb database to be used | nil | + url: + ## @md | `sawtooth.opentsdb.enabled` | whether to enable the opentsdb metrics | false | + enabled: false + statefulset: + enabled: true + replicas: + podAnnotations: + ## @md | `sawtooth.minReadySeconds` | the minimum time a pod must be Running before proceeding on a rolling update | 120 | + minReadySeconds: 120 + ## @md | `sawtooth.maxUnavailable` | maximum number of pods allowed down on a rollout or update | 1 | + maxUnavailable: 1 + containers: + block_info: + ## @md | `sawtooth.containers.block_info.args` | extra args for block-info-tp | nil | + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-block-info-tp + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + devmode_engine: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-devmode-engine-rust + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + identity_tp: + ## @md | `sawtooth.containers.identity_tp.args` | extra args for identity-tp | nil | + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-identity-tp + tag: BTP2.1.0 + logLevel: + resources: + limits: + 
cpu: "250m" + requests: + cpu: "50m" + intkey_tp: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-intkey-tp-go + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + monitor: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-shell + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "100m" + requests: + cpu: "100m" + pbft_engine: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-pbft-engine + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + poet_engine: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-poet-engine + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + poet_validator_registry_tp: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-poet-validator-registry-tp + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + poet_registration: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-poet-cli + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + raft_engine: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-raft-engine + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + rest_api: + ## @md | `sawtooth.containers.rest_api.args` | extra args for rest-api | nil | + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-rest-api + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + seth_rpc: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-seth-rpc + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + seth_tp: + args: + env: + image: + 
pullPolicy: + registry: + repository: blockchaintp/sawtooth-seth-tp + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + settings_tp: + ## @md | `sawtooth.containers.settings_tp.args` | extra args for settings-tp | nil | + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-settings-tp + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + smallbank_tp: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-smallbank-tp-go + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + validator: + ## @md | `sawtooth.containers.validator.args` | extra args for validator | nil | + args: + ## @md | `sawtooth.containers.validator.env` | list of environment name/value dicts | nil | + env: + - name: RUST_BACKTRACE + value: "1" + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-validator + tag: BTP2.1.0 + logLevel: + resources: {} + xo_tp: + args: + env: + image: + pullPolicy: + registry: + repository: blockchaintp/sawtooth-xo-tp-go + tag: BTP2.1.0 + logLevel: + resources: + limits: + cpu: "250m" + requests: + cpu: "50m" + perNodeServiceType: ClusterIP + persistence: + enabled: true + annotations: + accessModes: + - "ReadWriteOnce" + storageClass: + size: 40Gi + ports: + ## @md | `sawtooth.ports.sawnet` | port for the sawtooth validator network | 8800 | + sawnet: 8800 + ## @md | `sawtooth.ports.consensus` | port for the sawtooth consensus network | 5050 | + consensus: 5050 + ## @md | `sawtooth.ports.sawcomp` | port for the sawtooth component network | 4004 | + sawcomp: 4004 + ## @md | `sawtooth.ports.rest` | port for the sawtooth rest-api | 8008 | + rest: 8008 + livenessProbe: + ## @md | `sawtooth.livenessProbe.enabled` | whether to run the livenessProbe on the validator | false | + enabled: false + ## @md | `sawtooth.livenessProbe.initialDelaySeconds` | seconds to wait before running 
the liveness probe the first time | 300 | + initialDelaySeconds: 300 + ## @md | `sawtooth.livenessProbe.periodSeconds` | interval in seconds to re-run the liveness probe | 120 | + periodSeconds: 120 + ## @md | `sawtooth.livenessProbe.active` | if false, the liveness probe will run and evaluate the the situation, but always return successfully | string | "false" + active: "false" + ## @md | `sawtooth.livenessProbe.exitSignals` | when restarting due to a livenessProbe failure, the validator pod has a "signal" system which will cause it to restart the named containers in this var | "block-info-tp" | + exitSignals: "block-info-tp pbft-engine" + heartbeat: + ## @md | `sawtooth.heartbeat.interval` | interval in seconds to issue a heartbeat | 300 | + interval: 300 + + ## @md | `sawtooth.permissioned` | Whether to run this chain as a permissioned chain or not | false | + permissioned: false + # This MUST be chosen by the user + # Follows DNS naming rules + ## @md | `sawtooth.namespace` | namespace to render these templates into (deprecated) | "prod" | + namespace: prod + # This MUST be chosen by the user. + # Follows DNS naming rules + ## @md | `sawtooth.networkName` | name of this sawtooth network (deprecated) | "mynetwork" | + networkName: mynetwork + # serial or parallel + ## @md | `sawtooth.scheduler` | name of the sawtooth transaction scheduler to use | string | "serial" + scheduler: serial + # 100 - DevMode, 200 - PoET,300 - Raft, 400 - pbft + # Engines can be enabled, but they aren't active unless they are selected + # as the consensus algorithm. 
+ ## @md | `sawtooth.consensus` | id of the the consensus algorithm to use< valid values: 100:DevMode, 200, PoET, 300 - Raft, 400, PBFT | int | 200 + consensus: 200 + genesis: + ## @md | `sawtooth.genesis.enabled` | If true, and the cluster is starting for the first time, then a node will be selected to create and submit the genesis block | true | + enabled: true + ## @md | `sawtooth.genesis.seed` | The seed is an arbitrary string which identifies a given genesis If the data of a given set of nodes is to be wiped out, change this value. | "9a2de774-90b5-11e9-9df0-87e889b0f1c9" | + seed: "9a2de774-90b5-11e9-9df0-87e889b0f1c9" + ## @md | `sawtooth.dynamicPeering` | Dynamic Peering should default to false, since it is a bit unreliable | false | + dynamicPeering: false + ## @md | `sawtooth.externalSeeds` | a list of maps defining validator endpoints external to this deployment | [] | + externalSeeds: [] + seth: + # This should default to false, there appear to be problems with the required + # block_info block injector that this depends upon + ## @md | `sawtooth.seth.enabled` | enabled sawtooth-seth | false | + enabled: false + xo: + # default this to false since you probably don't want it in real life + ## @md | `sawtooth.xo.enabled` | enabled sawtooth-xo-tp | false | + enabled: false + smallbank: + # default this to false since you probably don't want it in real life + ## @md | `sawtooth.smallbank.enabled` | enabled sawtooth-smallbank-tp | false | + enabled: false + volumes: + # This MUST be set, and SHOULD be presented to the user as an option, as it is a likely area + # of customization + ## @md | `sawtooth.hostPathBaseDir` | all sawtooth hostPath directories will be based here | string | /var/lib/btp + hostPathBaseDir: /var/lib/btp/ + # This is an arbitrary cool down period to wait for validators to initialize + # before starting any client operations + ## @md | `sawtooth.client_wait` | arbitrary delay to validator client startup, such as the rest-api | 90 | + 
client_wait: 90 + ## @md | `sawtooth.customTPs` | a list of [custom tp definitions](#custom-tp-definitions) | nil | + customTPs: + # A list of basic container definitions + # - name: intkey-tp + # image: "blockchaintp/sawtooth-intkey-tp-go:1.0.5" + # command: [ "bash", "-c" ] + # args: [ "intkey-tp-go -v --connect tcp://localhost:4004" ] + ## @md | `sawtooth.affinity` | custom affinity rules for the sawtooth validator deamonset | nil | + affinity: {} + +serviceAccount: + create: true + name: +# The below are mostly controlled by BTP, although an "advanced" option to customize them may be +# presented +## @md | `images` | a map containing all of the image urls used by this template| N/A | +images: + ## @md + ## @md ## Images + ## @md + ## @md | field | default | + ## @md |- |- | + ## @md | `images.devmode_engine` | blockchaintp/sawtooth-devmode-engine-rust:BTP2.1.0 + devmode_engine: + ## @md | `images.pbft_engine` | blockchaintp/sawtooth-pbft-engine:BTP2.1.0 + pbft_engine: + ## @md | `images.poet_cli` | blockchaintp/sawtooth-poet-cli:BTP2.1.0 + poet_cli: + ## @md | `images.poet_engine` | blockchaintp/sawtooth-poet-engine:BTP2.1.0 + poet_engine: + ## @md | `images.poet_validator_registry_tp` | blockchaintp/sawtooth-poet-validator-registry-tp:BTP2.1.0 + poet_validator_registry_tp: + ## @md | `images.raft_engine` | blockchaintp/sawtooth-raft-engine:BTP2.1.0 + raft_engine: + ## @md | `images.block_info_tp` | blockchaintp/sawtooth-block-info-tp:BTP2.1.0 + block_info_tp: + ## @md | `images.identity_tp` | blockchaintp/sawtooth-identity-tp:BTP2.1.0 + identity_tp: + ## @md | `images.intkey_tp` | blockchaintp/sawtooth-intkey-tp-go:BTP2.1.0 + intkey_tp: + ## @md | `images.settings_tp` | blockchaintp/sawtooth-settings-tp:BTP2.1.0 + settings_tp: + ## @md | `images.shell` | blockchaintp/sawtooth-shell:BTP2.1.0 + shell: + ## @md | `images.smallbank_tp` | blockchaintp/sawtooth-smallbank-tp-go:BTP2.1.0 + smallbank_tp: + ## @md | `images.validator` | 
blockchaintp/sawtooth-validator:BTP2.1.0 + validator: + ## @md | `images.xo_tp` | blockchaintp/sawtooth-xo-tp-go:BTP2.1.0 + xo_tp: + ## @md | `images.rest_api` | blockchaintp/sawtooth-rest-api:BTP2.1.0 + rest_api: + ## @md | `images.seth_rpc` | blockchaintp/sawtooth-seth-rpc:BTP2.1.0 + seth_rpc: + ## @md | `images.seth_tp` | blockchaintp/sawtooth-seth-tp:BTP2.1.0 + seth_tp: + ## @md | `images.xo_demo` | blockchaintp/xo-demo:BTP2.1.0 + xo_demo: + +## @md +## @md ## Custom TP Definitions +## @md +## @md Custom TP definitions are describe using maps with the following fields +## @md +## @md | field | description | default | +## @md |-|-|-| +## @md | `name` | name of the custom tp container(must be unique within the pod) | nil | +## @md | `image` | url of the image for this tp | nil | +## @md | `command` | list of command tokens for this tp | list | nil +## @md | `arg` | list of arguments to the command | nil] | + +## @md | `extraVolumes` | a list of additional volumes to add to all StatefulSets, Deployments, and DaemonSets | `[]` | +extraVolumes: [] +## @md | `extraVolumeMounts` | a list of additional volume mounts to add to all StatefulSet, Deployment, and DaemonSet containers | `[]` | +extraVolumeMounts: [] diff --git a/charts/btp/chronicle/charts/standard-defs/Chart.lock b/charts/btp/chronicle/charts/standard-defs/Chart.lock new file mode 100644 index 000000000..1527b8ebd --- /dev/null +++ b/charts/btp/chronicle/charts/standard-defs/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 1.8.0 +digest: sha256:bdd898d81e711e825f3bfc9e0b0e0668382ff1ff02d74874b6b6997ae0bbc9ce +generated: "2022-06-17T20:57:49.357553367Z" diff --git a/charts/btp/chronicle/charts/standard-defs/Chart.yaml b/charts/btp/chronicle/charts/standard-defs/Chart.yaml new file mode 100644 index 000000000..459af8bc2 --- /dev/null +++ b/charts/btp/chronicle/charts/standard-defs/Chart.yaml 
@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: 0.1.0
+dependencies:
+- name: common
+ repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
+ version: ~1.8.0
+description: BTP Standard Template definitions and dependencies
+name: standard-defs
+type: library
+version: 0.1.3
diff --git a/charts/btp/chronicle/charts/standard-defs/README.md b/charts/btp/chronicle/charts/standard-defs/README.md
new file mode 100644
index 000000000..e69de29bb
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/.helmignore b/charts/btp/chronicle/charts/standard-defs/charts/common/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/Chart.yaml b/charts/btp/chronicle/charts/standard-defs/charts/common/Chart.yaml
new file mode 100644
index 000000000..344c40384
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ category: Infrastructure
+apiVersion: v2
+appVersion: 1.8.0
+description: A Library Helm Chart for grouping common logic between bitnami charts.
+ This chart is not deployable by itself.
+home: https://github.com/bitnami/charts/tree/master/bitnami/common
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+- common
+- helper
+- template
+- function
+- bitnami
+maintainers:
+- email: containers@bitnami.com
+ name: Bitnami
+name: common
+sources:
+- https://github.com/bitnami/charts
+- http://www.bitnami.com/
+type: library
+version: 1.8.0
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/README.md b/charts/btp/chronicle/charts/standard-defs/charts/common/README.md
new file mode 100644
index 000000000..054e51f96
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/README.md
@@ -0,0 +1,327 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. 
+ +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. 
| `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for policy | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` 
Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. 
| + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. 
| `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. 
| +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. 
+ example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... 
+ +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. 
[Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_affinities.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_affinities.tpl new file mode 100644 index 000000000..189ea403d --- /dev/null +++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_affinities.tpl 
@@ -0,0 +1,102 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ namespaces:
+ - {{ .context.Release.Namespace | quote }}
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ namespaces:
+ - {{ .context.Release.Namespace | quote }}
+ topologyKey: kubernetes.io/hostname
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_capabilities.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_capabilities.tpl
new file mode 100644
index 000000000..ae45d5e35
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_capabilities.tpl
@@ -0,0 +1,117 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- if .Values.global }}
+ {{- if .Values.global.kubeVersion }}
+ {{- .Values.global.kubeVersion -}}
+ {{- else }}
+ {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+ {{- end -}}
+{{- else }}
+{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for policy.
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cronjob.
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if .Values.ingress -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC resources.
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CRDs.
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_errors.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_errors.tpl
new file mode 100644
index 000000000..a79cc2e32
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_errors.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_images.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_images.tpl
new file mode 100644
index 000000000..42ffbc722
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_images.tpl
@@ -0,0 +1,75 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $tag := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if $registryName }}
+{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- else -}}
+{{- printf "%s:%s" $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- if .global }}
+ {{- range .global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_ingress.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_ingress.tpl
new file mode 100644
index 000000000..f905f2005
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_ingress.tpl
@@ -0,0 +1,55 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_labels.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_labels.tpl
new file mode 100644
index 000000000..252066c7e
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_labels.tpl
@@ -0,0 +1,18 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Kubernetes standard labels
+*/}}
+{{- define "common.labels.standard" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.labels.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_names.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_names.tpl
new file mode 100644
index 000000000..adf2a74f4
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_names.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_secrets.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_secrets.tpl
new file mode 100644
index 000000000..60b84a701
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_secrets.tpl
@@ -0,0 +1,129 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
+{{- if $secret }}
+ {{- if index $secret.data .key }}
+ {{- $password = index $secret.data .key }}
+ {{- end -}}
+{{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString | b64enc | quote }}
+{{- else }}
+
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
+ {{- end }}
+{{- end -}}
+{{- printf "%s" $password -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_storage.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_storage.tpl
new file mode 100644
index 000000000..60e2a844f
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_storage.tpl
@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_tplvalues.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_tplvalues.tpl
new file mode 100644
index 000000000..2db166851
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_tplvalues.tpl
@@ -0,0 +1,13 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+ {{- if typeIs "string" .value }}
+ {{- tpl .value .context }}
+ {{- else }}
+ {{- tpl (.value | toYaml) .context }}
+ {{- end }}
+{{- end -}}
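Review bot: In `common.secrets.passwords.manage` (_secrets.tpl), when `lookup` returns the Secret but `index $secret.data .key` is empty, no branch assigns `$password`, so the helper returns an empty string instead of failing. A chart that writes that result back into a Secret would then store an empty credential without any error being shown. The inner `if` should get a failing branch before its `{{- end -}}`, for example `{{- else }}{{- printf "PASSWORDS ERROR: the secret \"%s\" does not contain the key \"%s\"" .secret .key | fail -}}`. Separately, `default 10 .length` is short for a generated service password, and in the `strong` branch two of those ten characters are the fixed `_` separators produced by `join "_"`, so callers should pass an explicit `"length"` of 16 or more.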
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_utils.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_utils.tpl
new file mode 100644
index 000000000..ea083a249
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_utils.tpl
@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_warnings.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_warnings.tpl
new file mode 100644
index 000000000..ae10fa41e
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/_warnings.tpl
@@ -0,0 +1,14 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_cassandra.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_cassandra.tpl
new file mode 100644
index 000000000..8679ddffb
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_cassandra.tpl
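Review bot: `common.utils.secret.getvalue` in _utils.tpl renders `{{ .secret }}` unquoted into the `kubectl get secret` command it prints as instructions, while the namespace on the same line goes through `quote`. The secret name is whatever the caller passes in (possibly a user-supplied override from values) and nothing here validates it, so whitespace or shell metacharacters in it would alter the command an operator copies and runs. Quote it the same way as the namespace: `{{ .secret | quote }}`.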
@@ -0,0 +1,72 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (not $existingSecret) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_mariadb.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_mariadb.tpl
new file mode 100644
index 000000000..bb5ed7253
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_mariadb.tpl
@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (not $existingSecret) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_mongodb.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_mongodb.tpl
new file mode 100644
index 000000000..1e5bba981
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_mongodb.tpl
@@ -0,0 +1,108 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_postgresql.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_postgresql.tpl
new file mode 100644
index 000000000..992bcd390
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_postgresql.tpl
@@ -0,0 +1,131 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+
+ {{- if and (not $existingSecret) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_redis.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_redis.tpl
new file mode 100644
index 000000000..18d9813c5
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_redis.tpl
@@ -0,0 +1,76 @@
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis™ required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (not $existingSecretValue) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_validations.tpl b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_validations.tpl
new file mode 100644
index 000000000..9a814cf40
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/templates/validations/_validations.tpl
@@ -0,0 +1,46 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/charts/common/values.yaml b/charts/btp/chronicle/charts/standard-defs/charts/common/values.yaml
new file mode 100644
index 000000000..f2df68e5e
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/charts/common/values.yaml
@@ -0,0 +1,5 @@
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+exampleValue: common-chart
diff --git a/charts/btp/chronicle/charts/standard-defs/templates/_ingress.tpl b/charts/btp/chronicle/charts/standard-defs/templates/_ingress.tpl
new file mode 100644
index 000000000..e1b16d928
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/templates/_ingress.tpl
@@ -0,0 +1,101 @@
+{{/*
+include "ingress" (dict "ingressName" "myingress" "ingress" path.to.ingress "serviceName" "the-service" "servicePort" 9090 "context" $)
+
+ingress:
+ enabled: true
+ certManager: false
+ pathType: ImplementationSpecific
+ apiVersion: ""
+ hostname: theservice.local
+ path: /
+ annotations: {}
+ tls: false
+ extraHosts: []
+ extraPaths: []
+ extraTls: []
+ secrets: []
+*/}}
+{{- define "lib.ingress" -}}
+{{- $ctx := .context -}}
+{{- $ingressName := .ingressName -}}
+{{- $serviceName := .serviceName -}}
+{{- $servicePort := .servicePort -}}
+{{- $extraPaths := .ingress.extraPaths -}}
+{{- if .ingress.enabled -}}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" $ctx }}
+kind: Ingress
+metadata:
+ name: {{ $ingressName }}
+ namespace: {{ $ctx.Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" $ctx | nindent 4 }}
+ {{- if $ctx.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonLabels "context" $ctx ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .ingress.certManager }}
+ kubernetes.io/tls-acme: "true"
+ {{- end }}
+ {{- if .ingress.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .ingress.annotations "context" $ctx ) | nindent 4 }}
+ {{- end }}
+ {{- if $ctx.Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" $ctx.Values.commonAnnotations "context" $ctx ) | nindent 4 }}
+ {{- end }}
+spec:
+ rules:
+ {{- if .ingress.hostname }}
+ - host: {{ .ingress.hostname }}
+ http:
+ paths:
+ - path: {{ .ingress.path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
+ pathType: {{ default "ImplementationSpecific" .ingress.pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
+ {{- include "lib.safeToYaml" $extraPaths | nindent 10 }}
+ {{- end }}
+ {{- range .ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
+ {{- include "lib.safeToYaml" $extraPaths | nindent 10 }}
+ {{- end }}
+ {{/* .ingress.hosts is deprecated */}}
+ {{- range .ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- if .path }}
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
+ {{- end }}
+ {{- range .paths }}
+ - path: {{ . | quote }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $ctx) }}
+ pathType: ImplementationSpecific
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" $serviceName "servicePort" $servicePort "context" $ctx) | nindent 14 }}
+ {{- end }}
+ {{- end }}
+ {{/* .ingress.hosts is deprecated */}}
+ {{- if or .ingress.tls .ingress.extraTls }}
+ tls:
+ {{- if .ingress.tls }}
+ - hosts:
+ - {{ .ingress.hostname }}
+ secretName: {{ printf "%s-tls" .ingress.hostname }}
+ {{- end }}
+ {{- if .ingress.extraTls }}
+ {{- include "common.tplvalues.render" ( dict "value" .ingress.extraTls "context" $ctx ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/templates/_lib.tpl b/charts/btp/chronicle/charts/standard-defs/templates/_lib.tpl
new file mode 100644
index 000000000..deaa325c4
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/templates/_lib.tpl
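Review bot: In `lib.ingress` (_ingress.tpl) the primary rule renders `- host: {{ .ingress.hostname }}` and `- path: {{ .ingress.path }}` unquoted, while the `extraHosts` and deprecated `hosts` branches pipe the host through `quote`. A wildcard hostname such as `*.example.com` begins with the YAML alias indicator and would break parsing of the rendered manifest, and the TLS entries `- {{ .ingress.hostname }}` and `secretName: {{ printf "%s-tls" .ingress.hostname }}` have the same exposure. I would write `- host: {{ .ingress.hostname | quote }}`, `- path: {{ .ingress.path | quote }}` and quote the two TLS values the same way. The generated `tls` block also lists only the primary hostname, so hosts added through `extraHosts` are served without a certificate entry unless the operator also fills `extraTls`; a sentence in the header comment saying so would help.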
@@ -0,0 +1,51 @@
+
+{{/*
+Call a template function in the context of a sub-chart, as opposed to the
+current context of the caller
+{{ include "lib.call-nested" (list . "subchart" "template_name") }}
+*/}}
+{{- define "lib.call-nested" }}
+{{- $dot := index . 0 }}
+{{- $subchart := index . 1 | splitList "." }}
+{{- $template := index . 2 }}
+{{- $values := $dot.Values }}
+{{- range $subchart }}
+{{- $values = index $values . }}
+{{- end }}
+{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "lib.labels" -}}
+helm.sh/chart: {{ include "common.names.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{ include "common.labels.matchLabels" . }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "lib.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Given a variable, if it is not false, output as Yaml
+
+include "lib.safeToYaml" .Values.something
+*/}}
+{{- define "lib.safeToYaml" -}}
+{{- if . -}}
+{{ toYaml . }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/templates/_lib_image.tpl b/charts/btp/chronicle/charts/standard-defs/templates/_lib_image.tpl
new file mode 100644
index 000000000..8f8e00231
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/templates/_lib_image.tpl
@@ -0,0 +1,50 @@
+{{/*
+Given a setup like the following:
+
+# global and on down are optional
+global:
+ image:
+ registry: my-registry.com
+ tag: latest
+
+# This is the imageRoot
+somecomponent:
+ image:
+ registry: my-other-registry.com
+ tag: 1.0.0
+ repository: bobs/coolthing
+
+*/}}
+{{/*
+{{ include "lib.image.url" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
+*/}}
+{{- define "lib.image.url" -}}
+ {{- $globalRegistryName := "" -}}
+ {{- $globalTag := "latest" -}}
+ {{- if .global -}}
+ {{- if .global.image -}}
+ {{- if .global.image.registry -}}
+ {{- $globalRegistryName = .global.image.registry -}}
+ {{- end -}}
+ {{- if .global.image.tag -}}
+ {{- $globalTag = .global.image.tag -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- $repository := .imageRoot.repository -}}
+ {{- $registry := default $globalRegistryName .imageRoot.registry -}}
+ {{- $tag := default $globalTag .imageRoot.tag -}}
+ {{- if $registry -}}
+ {{- printf "%s/%s:%s" $registry $repository $tag -}}
+ {{- else -}}
+ {{- printf "%s:%s" $repository $tag -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+{{ include "utils.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
+*/}}
+{{- define "lib.image" -}}
+image: {{ include "lib.image.url" . }}
+imagePullPolicy: {{ default "IfNotPresent" .imageRoot.pullPolicy }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/templates/_lib_volumes.tpl b/charts/btp/chronicle/charts/standard-defs/templates/_lib_volumes.tpl
new file mode 100644
index 000000000..93f1139b1
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/templates/_lib_volumes.tpl
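Review bot: `lib.image.url` (_lib_image.tpl) falls back to the mutable tag `latest` through `{{- $globalTag := "latest" -}}` when neither `global.image.tag` nor the component's own `tag` is set, and `lib.image` pairs that with a default `imagePullPolicy` of `IfNotPresent`. With that combination each node keeps whatever it first pulled under `latest`, so pods of the same release can run different builds and the rendered manifest does not record which one was deployed. I would initialise `$globalTag` to `""` and fail the render when no tag is supplied, e.g. `{{- $tag := required "image.tag or global.image.tag must be set" (default $globalTag .imageRoot.tag) -}}`. The usage comment above `lib.image` still names the template `utils.image`.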
@@ -0,0 +1,34 @@
+
+
+{{/*
+given a variable list, create a list of volumes
+
+extraVolumes:
+ - name: pv-data
+ persistentVolumeClaim:
+ claimName: pvc-persistent-cfg
+ - name: scratch
+ emptyDir: {}
+
+include "lib.volumes" .Values.extraVolumes
+
+*/}}
+{{- define "lib.volumes" -}}
+{{ include "lib.safeToYaml" . }}
+{{- end -}}
+
+{{/*
+given a variable list, create a list of volumeMounts
+
+extraVolumeMounts:
+ - name: pv-data
+ mountPath: /data
+ - name: scratch
+ mountPath: /scratch
+
+include "lib.volumeMounts" .Values.extraVolumeMounts
+
+*/}}
+{{- define "lib.volumeMounts" -}}
+{{ include "lib.safeToYaml" . }}
+{{- end -}}
diff --git a/charts/btp/chronicle/charts/standard-defs/values.yaml b/charts/btp/chronicle/charts/standard-defs/values.yaml
new file mode 100644
index 000000000..1ff659769
--- /dev/null
+++ b/charts/btp/chronicle/charts/standard-defs/values.yaml
@@ -0,0 +1 @@
+exampleValue: example
diff --git a/charts/btp/chronicle/questions.yaml b/charts/btp/chronicle/questions.yaml
new file mode 100644
index 000000000..7fad4a6fe
--- /dev/null
+++ b/charts/btp/chronicle/questions.yaml
@@ -0,0 +1,130 @@
+---
+questions:
+ # Chronicle
+ - variable: image.repository
+ default: ""
+ required: false
+ type: string
+ label: Chronicle docker repository
+ description: The Chronicle docker repository. This may be domain specific, see https://docs.btp.works/chronicle
+ group: "Chronicle Settings"
+ - variable: image.tag
+ default: ""
+ required: false
+ type: string
+ label: Chronicle Image tag
+ description: The Chronicle docker image tag.
+ group: "Chronicle Settings"
+ - variable: webUi
+ default: false
+ required: false
+ type: boolean
+ label: Enable Web UI
+ description: Enables the graphql playground interface for development use.
+ group: "Chronicle Settings"
+
+ # Ingress Settings
+ - variable: ingress.enabled
+ default: "false"
+ required: false
+ type: boolean
+ label: Enable Chronicle ingress
+ description: Enable an ingress for the Chronicle service.
+ group: "Ingress Settings"
+ show_subquestion_if: true
+ subquestions:
+ - variable: ingress.hostname
+ default: ""
+ required: false
+ type: string
+ label: Ingress hostname
+ description: Primary hostname for the ingress.
+ group: "Ingress Settings"
+ - variable: ingress.path
+ default: ""
+ required: false
+ type: string
+ label: Hostname Path
+ description: Path for the ingress's primary hostname.
+ group: "Ingress Settings"
+ - variable: ingress.pathType
+ default: ""
+ required: false
+ type: string
+ label: Hostname PathType
+ description: PathType for the ingress's primary hostname.
+ group: "Ingress Settings"
+ - variable: ingress.certManager
+ default: "false"
+ required: false
+ type: boolean
+ label: Enable the acme certmanager for this ingress
+ description: Enable the acme certmanager for this ingress.
+ group: "Ingress Settings"
+ - variable: ingress.annotations
+ default: ""
+ required: false
+ type: string
+ label: Ingress annotations
+ description: Annotations for the ingress.
+ group: "Ingress Settings"
+ - variable: ingress.tls
+ default: false
+ required: false
+ type: boolean
+ label: Ingress TLS
+ description: Enable tls on the ingress with a secrete at hostname-tls.
+ group: "Ingress Settings"
+
+ # Chronicle database settings
+ - variable: postgres.persistence.enabled
+ default: "true"
+ type: boolean
+ required: true
+ label: Postgres persistance
+ description: Allocate a PVC for the internal Postgres instance
+ group: "Database settings"
+ - variable: postgres.enabled
+ default: "true"
+ required: true
+ type: boolean
+ label: Use internal postgres database
+ description: Create an internal Postgres instance for Chronicle, or if not supply details of an external Postgres.
+ group: "Database settings"
+ show_subquestion_if: false
+ subquestions:
+ - variable: postgres.user
+ default: "postgres"
+ required: true
+ type: string
+ label: Postgres user
+ description: User for the Postgres database
+ group: "Database settings"
+ - variable: postgres.host
+ default: "localhost"
+ required: true
+ type: string
+ label: Postgres host
+ description: Host for the Postgres database
+ group: "Database settings"
+ - variable: postgres.database
+ default: "postgres"
+ required: true
+ type: string
+ label: Database name
+ description: Database name for the Postgres database
+ group: "Database settings"
+ - variable: postgres.port
+ default: "5432"
+ required: true
+ type: int
+ label: Postgres port
+ description: Port for the Postgres database
+ group: "Database settings"
+ - variable: postgres.password
+ default: "postgres"
+ required: true
+ type: password
+ label: Postgres password
+ description: Password for the Postgres database
+ group: "Database settings"
diff --git a/charts/btp/chronicle/templates/_chronicle.tpl b/charts/btp/chronicle/templates/_chronicle.tpl
new file mode 100644
index 000000000..585161131
--- /dev/null
+++ b/charts/btp/chronicle/templates/_chronicle.tpl
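Review bot: The `postgres.password` question in questions.yaml ships `default: "postgres"` together with `required: true`, so the form is already satisfied by a well-known credential and an operator configuring the external database (these subquestions show when `postgres.enabled` is false) can submit it without ever typing a password. I would change it to `default: ""` so the required field forces a deliberate value; the same reasoning applies, less sharply, to `postgres.user`. The defaults are also typed inconsistently: `webUi` and `ingress.tls` use a bare `false`, the other booleans use quoted `"false"`/`"true"`, and `postgres.port` is `type: int` with `default: "5432"`; one form throughout would avoid surprises if the consumer compares types.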
@@ -0,0 +1,76 @@
+{{- define "chronicle.replicas" -}}
+{{ .Values.replicas }}
+{{- end -}}
+
+{{- define "tp.replicas" -}}
+{{ include "lib.call-nested" (list . "sawtooth" "sawtooth.replicas") | int }}
+{{- end -}}
+
+{{- define "chronicle.service.name" -}}
+{{- $svc := include "common.names.fullname" . -}}
+{{ printf "%s" $svc }}
+{{- end -}}
+
+{{- define "chronicle.labels.matchLabels" -}}
+{{ include "common.labels.matchLabels" . }}
+{{ include "chronicle.labels.appLabels" . }}
+{{- end -}}
+
+{{- define "chronicle.labels.appLabels" -}}
+app: {{ include "common.names.fullname" . }}
+chronicle: {{ include "common.names.fullname" . }}
+{{- end -}}
+
+{{- define "chronicle.labels" -}}
+{{ include "lib.labels" . }}
+{{ include "chronicle.labels.appLabels" . }}
+{{- end -}}
+
+{{- define "chronicle.sawtooth.sawcomp" -}}
+{{ include "lib.call-nested" (list . "sawtooth" "sawtooth.ports.sawcomp") | int }}
+{{- end -}}
+
+{{- define "chronicle.sawtooth.rest" -}}
+{{ include "lib.call-nested" (list . "sawtooth" "sawtooth.ports.rest") | int }}
+{{- end -}}
+
+{{- define "chronicle.sawtooth.service" -}}
+{{- $svc := include "lib.call-nested" (list . "sawtooth" "common.names.fullname") -}}
+{{- $ns := .Release.Namespace -}}
+{{- $domain := "svc.cluster.local" -}}
+{{ printf "%s.%s.%s" $svc $ns $domain }}
+{{- end -}}
+
+{{- define "chronicle.affinity" -}}
+{{- if .Values.affinity -}}
+{{- toYaml .Values.affinity }}
+{{- end -}}
+{{- end -}}
+
+{{- define "chronicle.api.service" -}}
+{{ include "chronicle.service.name" . }}-chronicle-api
+{{- end -}}
+
+{{- define "chronicle.id-provider.service" -}}
+{{ include "common.names.fullname" . }}-test-id-provider
+{{- end -}}
+
+{{- define "chronicle.jwksUrl" -}}
+{{- if .Values.auth.jwks.url -}}
+{{ .Values.auth.jwks.url }}
+{{- else -}}
+{{- if .Values.devIdProvider.enabled -}}
+http://{{ include "chronicle.id-provider.service" . }}:8090/jwks
+{{- else -}}
+{{ required "devIdProvider.enabled must be true or auth.jwks.url must be set!" .Values.auth.jwks.url }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "chronicle.userinfoUrl" -}}
+{{ .Values.auth.userinfo.url }}
+{{- end -}}
+
+{{- define "chronicle.root-key.secret" -}}
+{{ include "common.names.fullname" . }}-root-key
+{{- end -}}
diff --git a/charts/btp/chronicle/templates/_utils.tpl b/charts/btp/chronicle/templates/_utils.tpl
new file mode 100644
index 000000000..b8d2b5030
--- /dev/null
+++ b/charts/btp/chronicle/templates/_utils.tpl
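Review bot: `chronicle.jwksUrl` in _chronicle.tpl resolves to `http://<fullname>-test-id-provider:8090/jwks` whenever `auth.jwks.url` is empty and `devIdProvider.enabled` is true, so the token-verification keys come over plain HTTP from the test identity provider, and nothing in the helper marks that branch as development-only. I would add a template comment above the define, for example `{{/* JWKS endpoint: auth.jwks.url when set; otherwise the in-cluster test id provider (plain HTTP, development only) */}}`. `chronicle.userinfoUrl` has no matching guard and renders an empty string when `auth.userinfo.url` is unset; whether an empty value is acceptable to the consumer is not visible in this hunk. None of the defines in this file carry a usage comment, unlike the `lib.*` templates added in the same commit.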
@@ -0,0 +1,44 @@
+
+{{/*
+{{ include "utils.image.url" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
+*/}}
+{{- define "utils.image.url" -}}
+{{- $globalRegistryName := default "index.docker.io" .global.image.registry -}}
+{{- $repository := .imageRoot.repository -}}
+{{- $registryName := default $globalRegistryName .imageRoot.registry -}}
+{{- $tag := default .global.image.tag .imageRoot.tag -}}
+{{- printf "%s/%s:%s" $registryName $repository $tag -}}
+{{- end -}}
+
+{{/*
+{{ include "utils.image" (dict "imageRoot" .Values.sawtooth.containers.validator.image "global" .Values.global)}}
+*/}}
+{{- define "utils.image" -}}
+image: {{ include "utils.image.url" . }}
+imagePullPolicy: {{ default "IfNotPresent" .imageRoot.pullPolicy }}
+{{- end -}}
+
+{{/* */}}
+{{- define "utils.hostaliases" -}}
+{{- if .Values.hostAliases -}}
+{{ toYaml .Values.hostAliases }}
+{{- end -}}
+{{- end -}}
+
+{{- define "utils.k8s.image" -}}
+{{- include "utils.image" (dict "imageRoot" .Values.utils.k8s.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+{{ include "utils.call-nested" (list . "subchart" "template_name") }}
+*/}}
+{{- define "utils.call-nested" }}
+{{- $dot := index . 0 }}
+{{- $subchart := index . 1 | splitList "." }}
+{{- $template := index . 2 }}
+{{- $values := $dot.Values }}
+{{- range $subchart }}
+{{- $values = index $values . }}
+{{- end }}
+{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
+{{- end }}
diff --git a/charts/btp/chronicle/templates/chronicle-config.yaml b/charts/btp/chronicle/templates/chronicle-config.yaml
new file mode 100644
index 000000000..f0f114b48
--- /dev/null
+++ b/charts/btp/chronicle/templates/chronicle-config.yaml
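Review bot: `utils.image.url` in _utils.tpl reads `.global.image.registry` and `.global.image.tag` without checking that `global` or `global.image` exist, so the render aborts with a nil-pointer error unless the chart's values always define them (not visible from this hunk); `lib.image.url` in standard-defs guards each level before reading. When neither tag is set it also emits `registry/repository:` with an empty tag, which is not a valid image reference. I would resolve the map defensively first, e.g. `{{- $gi := default (dict) (default (dict) .global).image -}}`, and make the tag mandatory with `{{- $tag := required "image.tag or global.image.tag must be set" (default $gi.tag .imageRoot.tag) -}}`. `utils.call-nested` duplicates `lib.call-nested` line for line, and the empty `{{/* */}}` above `utils.hostaliases` could carry a usage line instead.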
@@ -0,0 +1,17 @@
+---
+{{$stlServiceName := include "lib.call-nested" (list . "sawtooth" "common.names.fullname")}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{.Release.Name}}-chronicle-config
+data:
+ config.toml: |
+ [secrets]
+ path = "/var/lib/chronicle/secrets/"
+ [store]
+ path = "/var/lib/chronicle/store/"
+ address = "postgresql://{{ .Values.postgres.user }}@{{ .Values.postgres.host }}:5432/{{ .Values.postgres.database }}"
+ [validator]
+ address = "tcp://{{ include "chronicle.sawtooth.service" . }}:{{ include "chronicle.sawtooth.sawcomp" . }}"
+ [namespace_bindings]
+ default = "fd717fd6-70f1-44c1-81de-287d5e101089"
diff --git a/charts/btp/chronicle/templates/chronicle-init.yaml b/charts/btp/chronicle/templates/chronicle-init.yaml
new file mode 100644
index 000000000..dd9a7a95b
--- /dev/null
+++ b/charts/btp/chronicle/templates/chronicle-init.yaml
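Review bot: The `[store]` address hard-codes port `5432`, while the postgres container in statefulset.yaml exposes `{{.Values.postgres.port }}`, so overriding `postgres.port` leaves Chronicle pointing at the wrong port. The line should read `address = "postgresql://{{ .Values.postgres.user }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port }}/{{ .Values.postgres.database }}"`. The URL also carries no TLS parameter; if `postgres.host` can name a database outside the pod, confirm how Chronicle negotiates transport security before relying on this default. `$stlServiceName` is assigned on the second line of the template but never used in it.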
@@ -0,0 +1,228 @@ +{{$stlServiceName := include "lib.call-nested" (list . "sawtooth" "common.names.fullname")}} +--- +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: {{ include "common.names.fullname" . }}-init + labels: {{ include "chronicle.labels" . | nindent 4 }} + component: chronicle +spec: + template: + metadata: + labels: {{ include "chronicle.labels" . | nindent 8 }} + component: chronicle + spec: + restartPolicy: Never + serviceAccountName: {{ include "lib.serviceAccountName" . }} + automountServiceAccountToken: true + volumes: {{- include "lib.volumes" .Values.opa.tp.extraVolumes | nindent 8 }} + - name: shared-data + emptyDir: {} + initContainers: + - name: get-secret + image: alpine/k8s:1.24.13 + command: [ "sh", "-ec" ] + args: + - | + if kubectl get secret {{ include "chronicle.root-key.secret" . }} -n {{.Release.Namespace}} >/dev/null 2>&1; then + echo "Secret found." + kubectl get secret {{ include "chronicle.root-key.secret" . }} -n {{.Release.Namespace}} -o jsonpath='{.data.*}' | base64 -d > /shared-data/root.pem + touch /shared-data/secret-found + else + echo "Secret not found." + fi + volumeMounts: + - name: shared-data + mountPath: /shared-data + - name: generate-secret + {{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-ec"] + args: + - | + if [[ ! -f "/shared-data/root.pem" ]]; then + echo "Generating new root key." + opactl generate --output /shared-data/root.pem + else + echo "Root key already exists." 
+ fi + env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }} + - name: RUST_LOG + value: {{ .Values.logLevel }} + - name: RUST_BACKTRACE + value: {{ .Values.backtraceLevel }} + volumeMounts: + - name: shared-data + mountPath: /shared-data + - name: create-secret + image: alpine/k8s:1.24.13 + command: [ "sh", "-ec" ] + args: + - | + if [ -f "/shared-data/secret-found" ]; then + echo "Secret already exists." + else + echo "Creating k8s secret from key." + kubectl create secret generic {{ include "chronicle.root-key.secret" . }} \ + -n {{ .Release.Namespace }} \ + --from-file=/shared-data/root.pem + fi + volumeMounts: + - name: shared-data + mountPath: /shared-data + {{ if .Values.opa.enabled }} + - name: opa-bootstrap-root + {{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-ec"] + args: + - | + wait-for-it $HOST:$PORT --timeout=0 + echo "Waiting to ensure Sawtooth validator is ready ..." + sleep 100 + + if [[ -f "/shared-data/secret-found" ]]; then + echo "Skipping root key bootstrap." + else + opactl \ + --sawtooth-address tcp://$HOST:$PORT \ + bootstrap \ + --root-key /shared-data/root.pem + fi + env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }} + - name: HOST + value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + - name: PORT + value: "{{ include "chronicle.sawtooth.sawcomp" . }}" + - name: RUST_LOG + value: {{ .Values.logLevel }} + - name: RUST_BACKTRACE + value: {{ .Values.backtraceLevel }} + volumeMounts: + - name: shared-data + mountPath: /shared-data + {{ if .Values.opa.policy.url }} + - name: wait-for-sawtooth-rest-api + {{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-ec"] + args: + - | + wait-for-it $HOST:$PORT --timeout=0 + echo "Sawtooth rest API is ready." 
+ env: + - name: HOST + value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + - name: PORT + value: "{{ include "chronicle.sawtooth.rest" . }}" + - name: RUST_LOG + value: {{ .Values.logLevel }} + - name: RUST_BACKTRACE + value: {{ .Values.backtraceLevel }} + volumeMounts: + - name: shared-data + mountPath: /shared-data + - name: opa-settings + {{- include "lib.image" (dict "imageRoot" .Values.sawset.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-ec"] + args: + - | + if sawtooth settings list --url http://$HOST:$PORT | grep -q "chronicle.opa.policy_name"; then + echo "Skipping setting Sawtooth OPA settings." + exit 0 + else + echo "Creating Sawtooth settings batch." + sawset proposal create \ + -k /etc/sawtooth/keys/{{ $stlServiceName }}-0 \ + chronicle.opa.policy_name={{ required "opa.policy.id required!" .Values.opa.policy.id }} \ + chronicle.opa.entrypoint={{ required "opa.policy.entrypoint required!" .Values.opa.policy.entrypoint }} \ + -o /shared-data/opa-settings.batch + + echo "Submitting Sawtooth OPA settings batch." + sawtooth batch submit \ + -f /shared-data/opa-settings.batch \ + --url http://$HOST:$PORT \ + --wait 60 + fi + env: + - name: HOST + value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + - name: PORT + value: "{{ include "chronicle.sawtooth.rest" . }}" + volumeMounts: + - name: shared-data + mountPath: /shared-data + - name: validator-secret + mountPath: /etc/sawtooth/keys + readOnly: true + - name: get-policy + {{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-ec"] + args: + - | + if opactl \ + --sawtooth-address tcp://$HOST:$PORT \ + get-policy \ + --id {{ .Values.opa.policy.id }} \ + --output policy.bin >/dev/null 2>&1; then + echo "Policy already set." + touch /shared-data/policy-already-set + else + echo "Policy not found." 
+ exit 0 + fi + env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }} + - name: HOST + value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + - name: PORT + value: "{{ include "chronicle.sawtooth.sawcomp" . }}" + - name: RUST_LOG + value: {{ .Values.logLevel }} + - name: RUST_BACKTRACE + value: {{ .Values.backtraceLevel }} + volumeMounts: + - name: shared-data + mountPath: /shared-data + - name: set-policy + {{- include "lib.image" (dict "imageRoot" .Values.opa.opaInit.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-ec"] + args: + - | + if [[ -f "/shared-data/policy-already-set" ]]; then + echo "Skipping setting policy." + exit 0 + else + echo "Policy not found on chain. Setting policy." + opactl \ + --sawtooth-address tcp://$HOST:$PORT \ + set-policy \ + --id {{ .Values.opa.policy.id }} \ + -p {{ .Values.opa.policy.url }} \ + --root-key /shared-data/root.pem + fi + env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }} + - name: HOST + value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + - name: PORT + value: "{{ include "chronicle.sawtooth.sawcomp" . }}" + - name: RUST_LOG + value: {{ .Values.logLevel }} + - name: RUST_BACKTRACE + value: {{ .Values.backtraceLevel }} + volumeMounts: + - name: shared-data + mountPath: /shared-data + {{ end }} + {{ end }} + containers: + - name: chronicle-init + image: busybox:1.36 + command: [ "sh", "-c"] + args: + - | + echo "Chronicle bootstrap and OPA settings initialization complete." + volumes: + - name: shared-data + emptyDir: {} + - name: validator-secret + configMap: + name: validator-secret diff --git a/charts/btp/chronicle/templates/chronicle-secret-volume.yaml b/charts/btp/chronicle/templates/chronicle-secret-volume.yaml new file mode 100644 index 000000000..417380c01 --- /dev/null +++ b/charts/btp/chronicle/templates/chronicle-secret-volume.yaml 
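Review bot: The pod spec declares `volumes:` twice, once before `initContainers` (the `lib.volumes` include plus `shared-data`) and again at the end (`shared-data` plus `validator-secret`). Duplicate mapping keys are invalid YAML and most parsers keep only the last one, so the extra volumes from the first list are silently dropped; merge both into a single `volumes:` list. The `validator-secret` volume that supplies `/etc/sawtooth/keys/{{ $stlServiceName }}-0` to `sawset proposal create -k` is sourced from a ConfigMap, and signing keys belong in a Secret; the object appears to be created outside this chart, so that change would need coordinating there. The `get-secret` and `create-secret` steps hard-code `alpine/k8s:1.24.13` and run with the service-account token mounted, so routing them through `lib.image` like the other containers would let operators mirror and pin that image.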
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: chronicle-secrets
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/charts/btp/chronicle/templates/id-provider-service.yaml b/charts/btp/chronicle/templates/id-provider-service.yaml
new file mode 100644
index 000000000..eceaf7059
--- /dev/null
+++ b/charts/btp/chronicle/templates/id-provider-service.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.devIdProvider.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chronicle.id-provider.service" . }}
+ labels: {{ include "chronicle.labels" . | nindent 4 }}
+ component: test-id-provider
+spec:
+ type: ClusterIP
+ clusterIP: None
+ sessionAffinity: ClientIP
+ ports:
+ - port: 8090
+ protocol: TCP
+ targetPort: 8090
+ name: {{ include "chronicle.id-provider.service" . }}
+ selector: {{ include "chronicle.labels.matchLabels" . | nindent 4 }}
+ component: test-id-provider
+{{- end }}
diff --git a/charts/btp/chronicle/templates/id-provider-statefulset.yaml b/charts/btp/chronicle/templates/id-provider-statefulset.yaml
new file mode 100644
index 000000000..d25eb3295
--- /dev/null
+++ b/charts/btp/chronicle/templates/id-provider-statefulset.yaml
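Review bot: The claim name `chronicle-secrets` in chronicle-secret-volume.yaml is fixed rather than derived from the release, so two releases in one namespace would resolve to the same key-material volume, and with `"helm.sh/resource-policy": keep` that volume also outlives `helm uninstall`. Consider `name: {{ include "common.names.fullname" . }}-secrets` with the matching `claimName` in statefulset.yaml, and document that the retained volume holds secrets that must be removed by hand. The claim is `ReadWriteOnce` while the StatefulSet that mounts it takes its replica count from `chronicle.replicas`, so more than one replica scheduled on different nodes would likely fail to mount it.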
@@ -0,0 +1,28 @@
+{{- if .Values.devIdProvider.enabled }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "chronicle.id-provider.service" . }}
+ labels: {{ include "chronicle.labels" . | nindent 4 }}
+ component: test-id-provider
+spec:
+ selector:
+ matchLabels: {{ include "chronicle.labels.matchLabels" . | nindent 6 }}
+ component: test-id-provider
+ serviceName: {{ include "chronicle.id-provider.service" . }}
+ template:
+ metadata:
+ labels: {{ include "chronicle.labels" . | nindent 8 }}
+ component: test-id-provider
+ spec:
+ serviceAccountName: {{ include "lib.serviceAccountName" . }}
+ affinity: {{ include "lib.safeToYaml" .Values.affinity | nindent 8 }}
+ containers:
+ - name: id-provider
+ {{- include "lib.image" (dict "imageRoot" .Values.devIdProvider.image "global" .Values.global ) | nindent 10 }}
+ ports:
+ - name: jwks
+ containerPort: 8090
+ protocol: TCP
+{{- end }}
diff --git a/charts/btp/chronicle/templates/ingress.yaml b/charts/btp/chronicle/templates/ingress.yaml
new file mode 100644
index 000000000..67a67d09e
--- /dev/null
+++ b/charts/btp/chronicle/templates/ingress.yaml
@@ -0,0 +1,4 @@
+{{- $serviceName := (include "chronicle.api.service" . ) -}}
+{{- $ingressName := printf "%s" $serviceName -}}
+{{- $servicePort := .Values.port | int -}}
+{{ include "lib.ingress" (dict "ingressName" $ingressName "ingress" .Values.ingress "serviceName" $serviceName "servicePort" $servicePort "context" $) }}
diff --git a/charts/btp/chronicle/templates/pernode-opa-tp-service.yaml b/charts/btp/chronicle/templates/pernode-opa-tp-service.yaml
new file mode 100644
index 000000000..c0a893188
--- /dev/null
+++ b/charts/btp/chronicle/templates/pernode-opa-tp-service.yaml
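Review bot: This StatefulSet deploys an identity provider labelled `test-id-provider` whenever `devIdProvider.enabled` is true, and values.yaml in this same commit defaults that flag to `true`. The visible tail of the `chronicle.jwksUrl` helper appears to resolve to this service on port 8090, so turning on `auth.required` without setting `auth.jwks.url` would leave Chronicle validating tokens against a development issuer. Default the flag to `devIdProvider.enabled: false` and add a values comment such as `## development only; do not enable where auth.required protects real data`. The precedence between `auth.jwks.url` and the dev provider is decided in the part of the helper outside this view, so confirm it there.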
@@ -0,0 +1,20 @@
+{{- if .Values.opa.enabled }}
+{{- $ctx := . -}}
+{{ range untilStep 0 ((include "tp.replicas" $ctx) | int) 1 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" $ctx }}-opa-tp-{{ . }}
+ labels: {{- include "lib.labels" $ctx | nindent 4 }}
+ per-node: {{ include "common.names.fullname" $ctx }}-{{ . }}
+ component: opa-tp
+spec:
+ type: ClusterIP
+ clusterIP: None
+ sessionAffinity: ClientIP
+ selector: {{- include "common.labels.matchLabels" $ctx | nindent 4 }}
+ component: opa-tp
+ statefulset.kubernetes.io/pod-name: {{ include "common.names.fullname" $ctx }}-{{ . }}
+{{- end -}}
+{{- end }}
diff --git a/charts/btp/chronicle/templates/pernode-tp-service.yaml b/charts/btp/chronicle/templates/pernode-tp-service.yaml
new file mode 100644
index 000000000..2bdfcce24
--- /dev/null
+++ b/charts/btp/chronicle/templates/pernode-tp-service.yaml
@@ -0,0 +1,18 @@
+{{- $ctx := . -}}
+{{ range untilStep 0 ((include "tp.replicas" $ctx) | int) 1 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" $ctx }}-tp-{{ . }}
+ labels: {{- include "lib.labels" $ctx | nindent 4 }}
+ per-node: {{ include "common.names.fullname" $ctx }}-{{ . }}
+ component: chronicle-tp
+spec:
+ type: ClusterIP
+ clusterIP: None
+ sessionAffinity: ClientIP
+ selector: {{- include "common.labels.matchLabels" $ctx | nindent 4 }}
+ component: chronicle-tp
+ statefulset.kubernetes.io/pod-name: {{ include "common.names.fullname" $ctx }}-{{ . }}
+{{- end -}}
diff --git a/charts/btp/chronicle/templates/secrets-roles.yaml b/charts/btp/chronicle/templates/secrets-roles.yaml
new file mode 100644
index 000000000..e56f3e083
--- /dev/null
+++ b/charts/btp/chronicle/templates/secrets-roles.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "common.names.fullname" . }}-secrets-role
+ namespace: {{.Release.Namespace}}
+rules:
+ - apiGroups:
+ - "" # "" refers to the core API group
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "common.names.fullname" . }}-secrets-role-rb
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.names.fullname" . }}-secrets-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "lib.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/btp/chronicle/templates/service.yaml b/charts/btp/chronicle/templates/service.yaml
new file mode 100644
index 000000000..b7f9f06bd
--- /dev/null
+++ b/charts/btp/chronicle/templates/service.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chronicle.api.service" . }}
+ labels: {{ include "chronicle.labels" . | nindent 4 }}
+ component: chronicle
+spec:
+ type: ClusterIP
+ sessionAffinity: ClientIP
+ ports:
+ - port: {{ .Values.port }}
+ protocol: TCP
+ targetPort: {{ .Values.port }}
+ name: chronicle
+ selector: {{ include "chronicle.labels.matchLabels" . | nindent 4 }}
+ component: chronicle
diff --git a/charts/btp/chronicle/templates/serviceaccount.yaml b/charts/btp/chronicle/templates/serviceaccount.yaml
new file mode 100644
index 000000000..c67cc27fd
--- /dev/null
+++ b/charts/btp/chronicle/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "lib.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{ if .Values.imagePullSecrets.enabled }}
+imagePullSecrets:
+{{range .Values.imagePullSecrets.value }}
+ - name: {{ .name }}
+{{ end }}
+{{ end }}
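Review bot: The Role in secrets-roles.yaml grants `get` and `create` on every Secret in the namespace and binds it to `lib.serviceAccountName`, the same account the chronicle, TP and id-provider pods run under, although only the init Job's `get-secret` and `create-secret` steps need it. Split the rule so the read side carries `resourceNames: [{{ include "chronicle.root-key.secret" . }}]` (a `create` rule cannot be limited by name, so it stays separate), and bind the Role to a service account used only by the init Job. As written, any workload under the shared account can read unrelated secrets in the release namespace, for example one referenced by `postgres.existingPasswordSecret`.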
diff --git a/charts/btp/chronicle/templates/statefulset.yaml b/charts/btp/chronicle/templates/statefulset.yaml
new file mode 100644
index 000000000..c2ebb8959
--- /dev/null
+++ b/charts/btp/chronicle/templates/statefulset.yaml
@@ -0,0 +1,193 @@ +{{$stlServiceName := include "lib.call-nested" (list . "sawtooth" "common.names.fullname")}} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.names.fullname" . }}-chronicle + labels: {{ include "chronicle.labels" . | nindent 4 }} + component: chronicle +spec: + replicas: {{ include "chronicle.replicas" . }} + selector: + matchLabels: {{ include "chronicle.labels.matchLabels" . | nindent 6 }} + component: chronicle + serviceName: {{ include "common.names.fullname" . }} + template: + metadata: + labels: {{ include "chronicle.labels" . | nindent 8 }} + component: chronicle + spec: + serviceAccountName: {{ include "lib.serviceAccountName" . }} + affinity: {{ include "lib.safeToYaml" .Values.affinity | nindent 8 }} + initContainers: + - name: chronicle-permissions + image: busybox:1.36 + command: [ "sh", "-c"] + args: + - | + chown -R 999:999 /var/lib/chronicle || true + volumeMounts: + - name: chronicle-config + mountPath: /etc/chronicle/config/ + - name: chronicle-secrets + mountPath: /var/lib/chronicle/secrets/ + readOnly: false + - name: chronicle-keystore + {{- include "lib.image" (dict "imageRoot" .Values.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-c"] + args: + - | + /usr/local/bin/chronicle \ + -c /etc/chronicle/config/config.toml \ + verify-keystore + env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }} + - name: RUST_LOG + value: {{ .Values.logLevel }} + volumeMounts: + - name: chronicle-config + mountPath: /etc/chronicle/config/ + - name: chronicle-secrets + mountPath: /var/lib/chronicle/secrets/ + readOnly: false + {{- if and .Values.opa.enabled .Values.opa.policy.url }} + - name: wait-for-opa-settings + {{- include "lib.image" (dict "imageRoot" .Values.sawset.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-exc"] + args: + - | + keepTrying=true + while [ $keepTrying = "true" ]; do + if sawtooth settings list --url http://$HOST:$PORT | grep -q 
"chronicle.opa.policy_name"; then + break + else + echo "Waiting for OPA policy id." + sleep 10 + fi + done + env: + - name: HOST + value: {{ $stlServiceName }}.{{ .Release.Namespace }}.svc.cluster.local + - name: PORT + value: "{{ include "chronicle.sawtooth.rest" . }}" + {{- end }} + containers: + {{- if .Values.postgres.enabled }} + - name: postgres + {{- include "lib.image" (dict "imageRoot" .Values.postgres.image "global" .Values.global ) | nindent 10 }} + ports: + - containerPort: {{.Values.postgres.port }} + resources: {{- include "lib.safeToYaml" .Values.postgres.resources | nindent 12 }} + env: + - name: PGDATA + value: /data/chronicle + - name: POSTGRES_PASSWORD + {{- if .Values.postgres.existingPasswordSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgres.existingPasswordSecret }} + key: {{ .Values.postgres.existingPasswordSecretKey }} + {{- else }} + value: {{ .Values.postgres.password }} + {{- end }} + {{- include "lib.safeToYaml" .Values.postgres.env | nindent 12 }} + volumeMounts: + - mountPath: /data + name: "pgdata" + {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + - name: chronicle + {{- include "lib.image" (dict "imageRoot" .Values.image "global" .Values.global ) | nindent 10 }} + ports: + - containerPort: {{ .Values.port }} + command: [ "bash", "-c"] + args: + - | + {{ if .Values.auth.required }} + {{ if and (not .Values.auth.jwks.url) (not .Values.auth.userinfo.url) (not .Values.devIdProvider.enabled) }} + {{ required "If auth.required you need to provide at least auth.jwks.url or auth.userinfo.url" .Values.auth.jwks.url }} + {{ end }} + {{ end }} + + echo "Waiting 20 seconds for postgres to start"; + sleep 20; + chronicle \ + -c /etc/chronicle/config/config.toml \ + --console-logging json \ + --sawtooth tcp://{{ include "chronicle.sawtooth.service" . }}:{{ include "chronicle.sawtooth.sawcomp" . 
}} \ + --remote-database \ + --database-name {{ .Values.postgres.database }} \ + --database-username {{ .Values.postgres.user }} \ + --database-host {{ .Values.postgres.host }} \ + {{- if not .Values.opa.enabled }} + --embedded-opa-policy \ + {{- end }} + serve-api \ + --interface 0.0.0.0:{{ .Values.port}} \ + {{- if .Values.auth.required }} + --require-auth \ + --id-claims {{ .Values.auth.id.claims }} \ + {{- if .Values.auth.jwks.enabled }} + --jwks-address {{ include "chronicle.jwksUrl" . }} \ + {{- end }} + {{- if .Values.auth.userinfo.url }} + --userinfo-address {{ include "chronicle.userinfoUrl" . }} \ + {{- end }} + {{- end }} + ; + env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }} + - name: RUST_LOG + value: {{ .Values.logLevel }} + - name: PGPASSWORD + {{- if .Values.postgres.existingPasswordSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgres.existingPasswordSecret }} + key: {{ .Values.postgres.existingPasswordSecretKey }} + {{- else }} + value: {{ .Values.postgres.password }} + {{- end }} + {{- include "lib.safeToYaml" .Values.postgres.env | nindent 12 }} + resources: {{- include "lib.safeToYaml" .Values.resources | nindent 12 }} + volumeMounts: + - name: chronicle-config + mountPath: /etc/chronicle/config/ + - name: chronicle-secrets + mountPath: /var/lib/chronicle/secrets/ + readOnly: true + - name: chronicle-data + mountPath: /var/lib/chronicle/store/ + {{- include "lib.volumeMounts" .Values.extraVolumeMounts | nindent 12 }} + volumes: + - name: chronicle-secrets + persistentVolumeClaim: + claimName: chronicle-secrets + - name: chronicle-data + persistentVolumeClaim: + claimName: chronicle-data + - name: chronicle-config + configMap: + name: {{ .Release.Name }}-chronicle-config +{{- if not .Values.postgres.persistence.enabled }} + - name: "pgdata" + emptyDir: {} +{{- end }} + volumeClaimTemplates: + - metadata: + name: chronicle-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 6Gi +{{- if 
.Values.postgres.persistence.enabled }} + - metadata: + name: "pgdata" + annotations: {{- include "lib.safeToYaml" .Values.postgres.persistence.annotations | nindent 10 }} + spec: + accessModes: {{- include "lib.safeToYaml" .Values.postgres.persistence.accessModes | nindent 10 }} + storageClassName: {{ .Values.postgres.persistence.storageClass | quote }} + resources: + requests: + storage: {{ .Values.postgres.persistence.size | quote }} +{{- end }} diff --git a/charts/btp/chronicle/templates/test-token-getter-roles.yaml b/charts/btp/chronicle/templates/test-token-getter-roles.yaml new file mode 100644 index 000000000..cedecdb18 --- /dev/null +++ b/charts/btp/chronicle/templates/test-token-getter-roles.yaml @@ -0,0 +1,37 @@ +{{- if .Values.test.enabled }} +{{- if .Values.auth.required }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "common.names.fullname" . }}-test-token-getter-role + namespace: {{.Release.Namespace}} +rules: + - apiGroups: + - "" # "" refers to the core API group + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" # "" refers to the core API group + resources: + - pods + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "common.names.fullname" . }}-test-token-getter-rb + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "common.names.fullname" . }}-test-token-getter-role +subjects: +- kind: ServiceAccount + name: {{ include "lib.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/btp/chronicle/templates/tests/api-test.yaml b/charts/btp/chronicle/templates/tests/api-test.yaml new file mode 100644 index 000000000..152371400 --- /dev/null +++ b/charts/btp/chronicle/templates/tests/api-test.yaml 
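Review bot: When `postgres.existingPasswordSecret` is unset, both `POSTGRES_PASSWORD` (postgres container) and `PGPASSWORD` (chronicle container) in statefulset.yaml are rendered as `value: {{ .Values.postgres.password }}`, which stores the database password in clear text in the StatefulSet spec and the release manifest. Being unquoted, it also mis-renders for empty or numeric-looking passwords. Have the chart render a Secret from `postgres.password` and use `secretKeyRef` in both branches, as sketched below. Separately, the `chronicle-permissions` init container runs `chown -R 999:999 /var/lib/chronicle || true` but mounts only the secrets volume under that path, so `chronicle-data` is never chowned and any failure is swallowed.

```yaml
# … unchanged: postgres container up to its env list …
- name: POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      # "<chart-managed-secret>" is a placeholder for a Secret the chart would render from postgres.password
      name: {{ .Values.postgres.existingPasswordSecret | default "<chart-managed-secret>" | quote }}
      key: {{ .Values.postgres.existingPasswordSecretKey | default "password" | quote }}
# … unchanged: PGPASSWORD in the chronicle container takes the same valueFrom block …
```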
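Review bot: The Role in test-token-getter-roles.yaml allows `create` on `pods/exec` and `get` on `pods` for every pod in the namespace and binds it to the shared `lib.serviceAccountName`. While `test.enabled` and `auth.required` are both set, every workload under that account therefore holds exec rights over all pods in the namespace, including the postgres container. The only consumer visible in this commit is `token-loader` in api-test.yaml, which targets `{{ include "chronicle.id-provider.service" . }}-0`; add `resourceNames` with that pod name to both rules and bind the Role to a service account used only by the test Job. The guard should probably also require `.Values.devIdProvider.enabled`, since there is no id-provider pod to exec into otherwise.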
@@ -0,0 +1,95 @@ +{{- if .Values.test.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.names.fullname" . }}-api-test + labels: {{ include "chronicle.labels" . | nindent 4 }} + component: api-test + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": hook-succeeded +spec: + backoffLimit: 0 + template: + spec: + restartPolicy: Never + serviceAccountName: {{ include "lib.serviceAccountName" . }} + automountServiceAccountToken: true + initContainers: + {{- if .Values.auth.required }} + - name: wait-for-id-provider + {{- include "lib.image" (dict "imageRoot" .Values.test.api.image "global" .Values.global ) | nindent 10 }} + command: [ "sh", "-ec" ] + args: + - | + URL={{ include "chronicle.jwksUrl" . }} + scheme=$(echo $URL | cut -f 1 -d :) + hostAndPort=$(echo $URL | cut -f 3 -d /) + HOST=$(echo $hostAndPort | cut -f 1 -d :) + port=$(echo $hostAndPort | awk -F: '{print $2}') + if [ "$scheme" = "http" ]; then + defaultPort=80 + elif [ "$scheme" = "https" ]; then + defaultPort=443 + else + defaultPort=80 + fi + PORT=${port:-$defaultPort} + echo "Waiting for id-provider to be ready ..." + wait-for-it $HOST:$PORT --timeout=0 + echo "Id-provider is ready. Exiting." + - name: token-loader + image: alpine/k8s:1.24.13 + command: [ "sh", "-ec" ] + args: + - | + echo "Waiting to ensure id-provider is ready ..." + sleep 20 + echo "Getting token from id-provider ..." + kubectl exec {{ include "chronicle.id-provider.service" . }}-0 -c id-provider -- oauth-token > /shared-data/jwks-token + echo "Token loaded. Exiting." + volumeMounts: + - name: shared-data + mountPath: /shared-data + {{- end }} + containers: + - name: test + {{- include "lib.image" (dict "imageRoot" .Values.test.api.image "global" .Values.global ) | nindent 10 }} + command: [ "sh", "-ec" ] + args: + - | + API={{ include "chronicle.api.service" . }} + export PORT={{ .Values.port }} + echo "Waiting for API to be ready ..." 
+ wait-for-it $API:$PORT --timeout=0 + echo "Getting IP address for API ..." + getent hosts $API | cut -f 1 -d \ | head -n 1 > /shared-data/api-ip || exit 1 + + {{- if .Values.auth.required }} + if [ -f "/shared-data/jwks-token" ]; then + echo "Found token." + sleep 5 + export TOKEN=$(cat "/shared-data/jwks-token") + fi + {{- end }} + export HOST=$(cat /shared-data/api-ip) + echo "Testing API with subscribe-submit-test..." + subscribe-submit-test + exit_code=$? + if [ $exit_code -eq 0 ]; then + echo "Test complete." + exit $exit_code + else + echo "Test failed." + exit $exit_code + fi + env: + - name: REQUIRE_AUTH + value: {{ .Values.auth.required | quote }} + volumeMounts: + - name: shared-data + mountPath: /shared-data + volumes: {{- include "lib.volumes" .Values.opa.tp.extraVolumes | nindent 8 }} + - name: shared-data + emptyDir: {} +{{- end }} diff --git a/charts/btp/chronicle/templates/tp-service.yaml b/charts/btp/chronicle/templates/tp-service.yaml new file mode 100644 index 000000000..de0d5c7cd --- /dev/null +++ b/charts/btp/chronicle/templates/tp-service.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }}-tp + labels: {{ include "chronicle.labels" . | nindent 4 }} + component: chronicle-tp +spec: + type: ClusterIP + clusterIP: None + sessionAffinity: ClientIP + selector: {{ include "chronicle.labels.matchLabels" . | nindent 4 }} + component: chronicle-tp diff --git a/charts/btp/chronicle/templates/tp-statefulset.yaml b/charts/btp/chronicle/templates/tp-statefulset.yaml new file mode 100644 index 000000000..25b685059 --- /dev/null +++ b/charts/btp/chronicle/templates/tp-statefulset.yaml 
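Review bot: The `test` container in api-test.yaml runs under `sh -ec`, so a non-zero exit from `subscribe-submit-test` ends the shell at once and the `exit_code=$?` / "Test failed." branch never runs; capture the status explicitly with `exit_code=0; subscribe-submit-test || exit_code=$?`. The `token-loader` step is gated on `auth.required` alone but execs into the dev id-provider pod, which exists only when `devIdProvider.enabled` is true, so with an external JWKS the Job would fail at that step. The token is written to the shared `emptyDir` at `/shared-data/jwks-token`, which is reasonable for a test issuer but should not be carried over to real credentials.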
@@ -0,0 +1,77 @@ +{{$stlServiceName := include "lib.call-nested" (list . "sawtooth" "common.names.fullname")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "common.names.fullname" . }}-tp + labels: {{ include "chronicle.labels" . | nindent 4 }} + component: chronicle-tp +spec: + replicas: {{ include "tp.replicas" . }} + serviceName: {{ include "common.names.fullname" . }}-tp + podManagementPolicy: Parallel + updateStrategy: + type: RollingUpdate + {{ if (semverCompare "^1.22" .Capabilities.KubeVersion.Version) -}} + minReadySeconds: {{ .Values.tp.minReadySeconds | int }} + {{- end }} + selector: + matchLabels: {{ include "chronicle.labels.matchLabels" . | nindent 6 }} + component: chronicle-tp + template: + metadata: + labels: {{- include "chronicle.labels" . | nindent 8 }} + component: chronicle-tp + annotations: {{- include "lib.safeToYaml" .Values.podAnnotations | nindent 8 }} + spec: + serviceAccountName: {{ include "lib.serviceAccountName" . }} + affinity: {{ include "lib.safeToYaml" .Values.affinity | nindent 8 }} + hostAliases: + containers: + - name: chronicle-tp + {{- include "lib.image" (dict "imageRoot" .Values.tp.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-c"] + args: + - | + HOST={{ $stlServiceName }}-${HOST##*-}.{{ .Release.Namespace }}.svc.cluster.local + PORT={{ include "chronicle.sawtooth.sawcomp" . 
}} + echo tcp://$HOST:$PORT && + /usr/local/bin/chronicle_sawtooth_tp \ + --console-logging json \ + --connect tcp://$HOST:$PORT + resources: {{- include "lib.safeToYaml" .Values.tp.resources | nindent 12 }} + env: + - name: RUST_LOG + value: {{ .Values.tp.logLevel }} + - name: HOST + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- include "lib.safeToYaml" .Values.tp.env | nindent 12 }} + volumeMounts: {{- include "lib.volumeMounts" .Values.tp.extraVolumeMounts | nindent 12 }} + {{- if .Values.opa.enabled }} + - name: opa-tp + {{- include "lib.image" (dict "imageRoot" .Values.opa.tp.image "global" .Values.global ) | nindent 10 }} + command: [ "bash", "-xc"] + args: + - | + HOST={{ $stlServiceName }}-${HOST##*-}.{{ .Release.Namespace }}.svc.cluster.local + PORT={{ include "chronicle.sawtooth.sawcomp" . }} + wait-for-it $HOST:$PORT --timeout=0 + echo tcp://$HOST:$PORT && + /usr/local/bin/opa-tp \ + -C tcp://$HOST:$PORT \ + --console-logging json + resources: {{- include "lib.safeToYaml" .Values.opa.tp.resources | nindent 12 }} + env: {{ include "lib.safeToYaml" .Values.env | nindent 12 }} + - name: RUST_LOG + value: {{ .Values.logLevel }} + - name: RUST_BACKTRACE + value: {{ .Values.backtraceLevel }} + - name: HOST + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- include "lib.safeToYaml" .Values.tp.env | nindent 12 }} + volumeMounts: {{- include "lib.volumeMounts" .Values.opa.tp.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: {{- include "lib.volumes" .Values.tp.extraVolumes | nindent 8 }} diff --git a/charts/btp/chronicle/values.yaml b/charts/btp/chronicle/values.yaml new file mode 100644 index 000000000..84018a1e6 --- /dev/null +++ b/charts/btp/chronicle/values.yaml 
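Review bot: `hostAliases:` in the tp-statefulset.yaml pod spec is emitted with no value, which renders as null; _utils.tpl in this commit defines `utils.hostaliases` for this field, but nothing visible calls it. Either drop the key or render it from values, e.g. `hostAliases: {{- include "utils.hostaliases" . | nindent 8 }}`. Neither `chronicle-tp` nor `opa-tp` sets a `securityContext`; if the images are meant to run as a non-root UID, declaring `runAsNonRoot: true` and `allowPrivilegeEscalation: false` here would enforce it rather than relying on the image default.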
@@ -0,0 +1,234 @@ +--- +## @md # Chronicle +## @md +## @md | field | description | default | +## @md |-|-|-| + +global: + image: + tag: + +## @md | `affinity`| custom affinity rules for the chronicle pod | {} | +affinity: {} + +auth: + ## @md | `auth.required` | if true require authentication | false | + required: false + id: + claims: email + jwks: + enabled: true + url: + userinfo: + url: + +## @md | `backtraceLevel` | backtrace level for Chronicle | nil | +backtraceLevel: full + +devIdProvider: + enabled: true + ## @md | `devIdProvider.image` | the image to use for the id-provider container | blockchaintp/id-provider | + image: + ## @md | `devIdProvider.image.pullPolicy` | the image pull policy | IfNotPresent | + pullPolicy: IfNotPresent + ## @md | `devIdProvider.image.repository` | the image repository | blockchaintp/id-provider | + repository: blockchaintp/id-provider-amd64 + ## @md | `devIdProvider.image.tag` | the image tag | latest | + tag: BTP2.1.0-0.7.3 + +## @md | `extraVolumes` | a list of additional volumes to add to chronicle | [] | +extraVolumes: [] +## @md | `extraVolumeMounts` | a list of additional volume mounts to add to chronicle | [] | +extraVolumeMounts: [] + +image: + ## @md | `image.repository` | the repository of the image | blockchaintp/chronicle | + repository: blockchaintp/chronicle-amd64 + ## @md | `image.tag`| the tag of the image to use | latest | + tag: BTP2.1.0-0.7.3 + ## @md | `image.pullPolicy` | the image pull policy to use | IfNotPresent | + pullPolicy: IfNotPresent + +imagePullSecrets: + ## @md | `imagePullSecrets.enabled`| if true use the list of named imagePullSecrets | false | + enabled: false + ## @md | `imagePullSecrets.value`| a list if named secret references of the form `- name: secretName`| [] | + value: [] + +ingress: + ## @md | `ingress.apiVersion` | if necessary the apiVersion of the ingress may be overridden | "" | + apiVersion: "" + ## @md | `ingress.enabled` | true to enable the ingress to the main service 
rest-api | false | + enabled: false + ## @md | `ingress.certManager` | true to enable the acme certmanager for this ingress | false | + certManager: false + ## @md | `ingress.hostname` | primary hostname for the ingress | false | + hostname: + ## @md | `ingress.path` | path for the ingress's primary hostname | / | + path: / + ## @md | `ingress.pathType` | pathType for the ingress's primary hostname | nil | + pathType: + ## @md | `ingress.annotations` | annotations for the ingress | {} | + annotations: {} + ## @md | `ingress.tls` | true to enable tls on the ingress with a secrete at hostname-tls | false | + tls: false + ## @md | `ingress.extraHosts` | list of extra hosts to add to the ingress | [] | + extraHosts: [] + ## @md | `ingress.extraPaths` | list of extra paths to add to the primary host of the ingress | [] | + extraPaths: [] + ## @md | `ingress.extraTls` | list of extra tls entries | [] | + extraTls: [] + ## @md | `ingress.hosts`| list of ingress host and path declarations for the chronicle ingress| [] | + hosts: [] + # - host: chart-example.local + # paths: + # - / + +## @md | `logLevel` | log level for Chronicle | info | +logLevel: info + +opa: + ## @md | `opa.enabled` | if true set up a full OPA enabled setup | true | + enabled: true + opaInit: + ## @md | `opa.init.image` | the image to use for the chronicle-init container | blockchaintp/chronicle-opa-init | + image: + ## @md | `image.pullPolicy` | the image pull policy to use | IfNotPresent | + pullPolicy: IfNotPresent + ## @md | `image.repository` | the repository of the image | blockchaintp/chronicle | + repository: blockchaintp/opactl-amd64 + ## @md | `image.tag`| the tag of the image to use | latest | + tag: BTP2.1.0-0.7.3 + policy: + entrypoint: allow_transactions.allowed_users + id: allow_transactions + url: file:///app/policies/bundle.tar.gz + tp: + image: + ## @md | `image.repository` | the repository of the image | blockchaintp/chronicle | + repository: blockchaintp/opa-tp-amd64 + ## @md | 
`image.tag`| the tag of the image to use | latest | + tag: BTP2.1.0-0.7.3 + ## @md | `image.pullPolicy` | the image pull policy to use | IfNotPresent | + pullPolicy: IfNotPresent + ## @md | `opa.tp.resources` | resources | map | nil | + resources: + ## @md | `opa.tp.extraVolumes` | extra volumes declarations for the opa-tp deployment | list | nil + extraVolumes: + ## @md | `opa.tp.extraVolumeMounts` | extra volume mounts for opa-tp deployment | list | nil + extraVolumeMounts: + +## @md | `port` | the port on which the chronicle service listens | 9982 | +port: 9982 + +## @md | `replicas` | number of Chronicle replicas to run | 1 | +replicas: 1 + +serviceAccount: + ## @md | `serviceAccount.create` | true to create a service account | false | + create: true + ## @md | `serviceAccount.name` | name of the service account | nil (defaults to based on release name) | + name: + +test: + ## @md | `test.enabled` | true to enable test Jobs and Services | true | + enabled: true + api: + ## @md | `api-test-container.image` | the image to use for the api-test container | blockchaintp/chronicle-api-test | + image: + ## @md | `test.api.image.pullPolicy` | the image pull policy | IfNotPresent | + pullPolicy: IfNotPresent + ## @md | `test.api.image.repository` | the image repository | blockchaintp/chronicle-helm-api-test | + repository: blockchaintp/chronicle-helm-api-test-amd64 + ## @md | `test.api.image.tag` | the image tag | latest | + tag: BTP2.1.0-0.7.3 + +postgres: + # if enabled we allocate a postgres database here + ## @md | `postgres.enabled` | if true create an internal postgres instance | boolean | true | + enabled: true + ## @md | `postgres.env` | postgres environment variables | map | N/A | + env: + image: + registry: + ## @md | `postgres.image.repository` | postgres image repository | string | "postgres" | + repository: postgres + ## @md | `postgres.image.tag` | postgres image tag | string | "11" | + tag: "11" + ## @md | `postgres.user` | user for the postgres database 
| string | "postgres" | + user: postgres + ## @md | `postgres.host` | host for the postgres database | string | "localhost" | + host: localhost + ## @md | `postgres.database` | database for the postgres database | string | "postgres" | + database: postgres + ## @md | `postgres.port` | port for the postgres database | int | 5432 | + port: 5432 + ## @md | `postgres.password` | password for the postgres database | string | "postgres" | + password: postgres + ## @md | `postgres.existingPasswordSecret` | name of a secret containing the postgres password | string | nil | + existingPasswordSecret: + ## @md | `postgres.existingPasswordSecret` | name of the key in a secret containing the postgres password | string | nil | + existingPasswordSecretKey: + ## @md | `postgres.tls` | postgres TLS configuration | string | nil | + tls: + ## @md | `postgres.persistence` | postgres persistence settings | map | N/A | + persistence: + ## @md | `postgres.persistence.enabled` | if true allocate a PVC for the postgres instance | boolean | false | + enabled: false + ## @md | `postgres.persistence.annotations` | any custom annotations to the postgres PVC's | map | {} | + annotations: {} + ## @md | `postgres.persistence.accessModes` | postgres PVC access modes | list | [ "ReadWriteOnce" ] | + accessModes: + - "ReadWriteOnce" + ## if set to "-" (empty string) then storageClassName: "", which disables dynamic provisioning + ## if undefined or set to null, no storageClassName is set and the clusters default StorageClass will be used + ## if a storageClass name is set then storageClassName: "setValue" + ## @md | `postgres.persistence.storageClass` | postgres PVC storageClass | string | nil | + storageClass: + ## @md | `postgres.persistence.size` | postgres PVC volume size | string | "40Gi" | + size: "40Gi" + ## @md | `postgres.resources` | resources | map | nil | + resources: + +## @md | `resources` | resources | map | nil | +resources: + +sawset: + image: + ## @md | `sawset.image.pullPolicy` | 
the image pull policy | IfNotPresent | + pullPolicy: IfNotPresent + ## @md | `sawset.image.repository` | the image repository | blockchaintp/sawtooth-validator | + repository: blockchaintp/sawtooth-validator + ## @md | `sawset.image.tag` | the image tag | latest | + tag: BTP2.1.0 + +tp: + ## @md | `tp.args` | a string of arguments to pass to the tp container| nil | + args: + image: + ## @md | `tp.image.pullPolicy` | the image pull policy | IfNotPresent | + pullPolicy: IfNotPresent + ## @md | `tp.image.repository` | the image repository | blockchaintp/chronicle-tp | + repository: blockchaintp/chronicle-tp-amd64 + ## @md | `tp.image.tag` | the image tag | latest | + tag: BTP2.1.0-0.7.3 + ## @md | `tp.extraVolumes` | extra volumes declarations for the chronicle-tp deployment | list | nil + extraVolumes: + ## @md | `tp.extraVolumeMounts` | extra volume mounts for chronicle-tp deployment | list | nil + extraVolumeMounts: + ## @md | `tp.resources` | resources | map | nil | + resources: + ## @md | `tp.maxUnavailable` | maximum unavailable nodes during a rolling upgrade | + maxUnavailable: 1 + ## @md | `tp.minReadySeconds` | minimum time before node becomes available | + minReadySeconds: 0 + logLevel: info + +volumes: {} + +## @md | `sawtooth` | sawtooth options may be configured | see [Sawtooth](../sawtooth/README.md) | +sawtooth: + sawtooth: + consensus: 400 + statefulset: + enabled: true diff --git a/charts/cockroach-labs/cockroachdb/Chart.yaml b/charts/cockroach-labs/cockroachdb/Chart.yaml index f82fddf8c..8ead84cdb 100644 --- a/charts/cockroach-labs/cockroachdb/Chart.yaml +++ b/charts/cockroach-labs/cockroachdb/Chart.yaml @@ -14,4 +14,4 @@ maintainers: name: cockroachdb sources: - https://github.com/cockroachdb/cockroach -version: 11.0.4 +version: 11.0.5 diff --git a/charts/cockroach-labs/cockroachdb/templates/_helpers.tpl b/charts/cockroach-labs/cockroachdb/templates/_helpers.tpl index 81614668b..9ef769a70 100644 
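Review bot: The defaults ship a fixed database credential, `postgres.password: postgres`, alongside `postgres.enabled: true`, so every install that does not override it gets the same well-known password. Consider leaving the password empty and requiring `postgres.existingPasswordSecret`, or generating a random value in the template when none is given; the templates that consume these keys are not visible here, so the exact wiring needs checking. The same defaults also set `devIdProvider.enabled: true` and `auth.required: false`; a comment marking these as development settings, or flipping them for the packaged chart, would keep them from reaching production by accident. Several `## @md` rows disagree with the values beneath them (`serviceAccount.create` documented as false but set to `true`, `backtraceLevel` documented as nil but set to `full`, image tags documented as `latest` but pinned), and `postgres.existingPasswordSecretKey` is documented under the name `postgres.existingPasswordSecret`.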
--- a/charts/cockroach-labs/cockroachdb/templates/_helpers.tpl +++ b/charts/cockroach-labs/cockroachdb/templates/_helpers.tpl @@ -51,11 +51,11 @@ Create chart name and version as used by the chart label. {{/* Create the name of the ServiceAccount to use. */}} -{{- define "cockroachdb.tls.serviceAccount.name" -}} -{{- if .Values.tls.serviceAccount.create -}} - {{- default (include "cockroachdb.fullname" .) .Values.tls.serviceAccount.name -}} +{{- define "cockroachdb.serviceAccount.name" -}} +{{- if .Values.statefulset.serviceAccount.create -}} + {{- default (include "cockroachdb.fullname" .) .Values.statefulset.serviceAccount.name -}} {{- else -}} - {{- default "default" .Values.tls.serviceAccount.name -}} + {{- default "default" .Values.statefulset.serviceAccount.name -}} {{- end -}} {{- end -}} @@ -274,7 +274,7 @@ Validate that if user enabled tls, then either self-signed certificates or certi {{- end -}} {{- define "cockroachdb.securityContext.versionValidation" }} -{{/* Allow using `securityContext` for custom images. */}} +{{- /* Allow using `securityContext` for custom images. */}} {{- if ne "cockroachdb/cockroach" .Values.image.repository -}} {{ print true }} {{- else -}} diff --git a/charts/cockroach-labs/cockroachdb/templates/clusterrolebinding.yaml b/charts/cockroach-labs/cockroachdb/templates/clusterrolebinding.yaml index 1f7cdff88..3c18694ef 100644 --- a/charts/cockroach-labs/cockroachdb/templates/clusterrolebinding.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/clusterrolebinding.yaml @@ -18,6 +18,6 @@ roleRef: name: {{ template "cockroachdb.clusterfullname" . }} subjects: - kind: ServiceAccount - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + name: {{ template "cockroachdb.serviceAccount.name" . }} namespace: {{ .Release.Namespace | quote }} {{- end }} \ No newline at end of file 
diff --git a/charts/cockroach-labs/cockroachdb/templates/job.init.yaml b/charts/cockroach-labs/cockroachdb/templates/job.init.yaml index 5806aed0d..2de404609 100644 --- a/charts/cockroach-labs/cockroachdb/templates/job.init.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/job.init.yaml @@ -57,8 +57,8 @@ spec: - name: {{ template "cockroachdb.fullname" . }}.self-signed-certs.registry {{- end }} {{- end }} + serviceAccountName: {{ template "cockroachdb.serviceAccount.name" . }} {{- if .Values.tls.enabled }} - serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} initContainers: - name: copy-certs image: {{ .Values.tls.copyCerts.image | quote }} @@ -203,7 +203,7 @@ spec: local exitCode="$?"; - if [[ "$exitCode" == "0" ]] + if [[ "$exitCode" -eq "0" ]] then break; fi diff --git a/charts/cockroach-labs/cockroachdb/templates/networkpolicy.yaml b/charts/cockroach-labs/cockroachdb/templates/networkpolicy.yaml index 1739c45e5..d41afa32b 100644 --- a/charts/cockroach-labs/cockroachdb/templates/networkpolicy.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/networkpolicy.yaml @@ -2,7 +2,7 @@ kind: NetworkPolicy apiVersion: {{ template "cockroachdb.networkPolicy.apiVersion" . }} metadata: - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + name: {{ template "cockroachdb.serviceAccount.name" . }} namespace: {{ .Release.Namespace | quote }} labels: helm.sh/chart: {{ template "cockroachdb.chart" . }} diff --git a/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml b/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml index 36c1f0604..f707e4054 100644 --- a/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/poddisruptionbudget.yaml 
@@ -1,5 +1,5 @@ kind: PodDisruptionBudget -{{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) }} +{{- if or (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version) }} apiVersion: policy/v1 {{- else }} apiVersion: policy/v1beta1 diff --git a/charts/cockroach-labs/cockroachdb/templates/rolebinding.yaml b/charts/cockroach-labs/cockroachdb/templates/rolebinding.yaml index c65441b42..00d9f9a55 100644 --- a/charts/cockroach-labs/cockroachdb/templates/rolebinding.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/rolebinding.yaml @@ -18,6 +18,6 @@ roleRef: name: {{ template "cockroachdb.fullname" . }} subjects: - kind: ServiceAccount - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + name: {{ template "cockroachdb.serviceAccount.name" . }} namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/charts/cockroach-labs/cockroachdb/templates/serviceaccount.yaml b/charts/cockroach-labs/cockroachdb/templates/serviceaccount.yaml index 294d6188d..3af9be9aa 100644 --- a/charts/cockroach-labs/cockroachdb/templates/serviceaccount.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/serviceaccount.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.tls.enabled .Values.tls.serviceAccount.create }} +{{- if .Values.statefulset.serviceAccount.create }} kind: ServiceAccount apiVersion: v1 metadata: - name: {{ template "cockroachdb.tls.serviceAccount.name" . }} + name: {{ template "cockroachdb.serviceAccount.name" . }} namespace: {{ .Release.Namespace | quote }} labels: helm.sh/chart: {{ template "cockroachdb.chart" . }} 
@@ -12,9 +12,9 @@ metadata: {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- if .Values.tls.serviceAccount.annotations }} + {{- if .Values.statefulset.serviceAccount.annotations }} annotations: - {{- with .Values.tls.serviceAccount.annotations }} + {{- with .Values.statefulset.serviceAccount.annotations }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/charts/cockroach-labs/cockroachdb/templates/statefulset.yaml b/charts/cockroach-labs/cockroachdb/templates/statefulset.yaml index 782177cf7..c8a11406d 100644 --- a/charts/cockroach-labs/cockroachdb/templates/statefulset.yaml +++ b/charts/cockroach-labs/cockroachdb/templates/statefulset.yaml @@ -50,8 +50,7 @@ spec: - name: {{ template "cockroachdb.fullname" . }}.self-signed-certs.registry {{- end }} {{- end }} - {{- if .Values.tls.enabled }} - serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} + serviceAccountName: {{ template "cockroachdb.serviceAccount.name" . }} {{- if .Values.tls.enabled }} initContainers: - name: copy-certs @@ -75,7 +74,6 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} - {{- end }} {{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} affinity: {{- with .Values.statefulset.nodeAffinity }} diff --git a/charts/cockroach-labs/cockroachdb/values.yaml b/charts/cockroach-labs/cockroachdb/values.yaml index 2d8b5b8b2..57c5b33d5 100644 --- a/charts/cockroach-labs/cockroachdb/values.yaml +++ b/charts/cockroach-labs/cockroachdb/values.yaml 
@@ -265,6 +265,16 @@ statefulset: securityContext: enabled: true + serviceAccount: + # Specifies whether this ServiceAccount should be created. + create: true + # The name of this ServiceAccount to use. + # If not set and `create` is `true`, then service account is auto-generated. + # If not set and `create` is `false`, then it uses default service account. + name: "" + # Additional serviceAccount annotations (e.g. for attaching AWS IAM roles to pods) + annotations: {} + service: ports: # You can set a different external and internal gRPC ports and their name. @@ -439,14 +449,6 @@ init: # Whether to run securely using TLS certificates. tls: enabled: true - serviceAccount: - # Specifies whether this ServiceAccount should be created. - create: true - # The name of this ServiceAccount to use. - # If not set and `create` is `true`, then a name is auto-generated. - name: "" - # Additional serviceAccount annotations (e.g. for attaching AWS IAM roles to pods) - annotations: {} copyCerts: image: busybox certs: diff --git a/charts/instana/instana-agent/Chart.yaml b/charts/instana/instana-agent/Chart.yaml index ac4d7c962..a62377d44 100644 --- a/charts/instana/instana-agent/Chart.yaml +++ b/charts/instana/instana-agent/Chart.yaml @@ -9,7 +9,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: instana-agent apiVersion: v2 -appVersion: 1.251.0 +appVersion: 1.252.0 description: Instana Agent for Kubernetes home: https://www.instana.com/ icon: https://agents.instana.io/helm/stan-logo-2020.png @@ -23,4 +23,4 @@ maintainers: name: instana-agent sources: - https://github.com/instana/instana-agent-docker -version: 1.2.60 +version: 1.2.61 diff --git a/charts/instana/instana-agent/README.md b/charts/instana/instana-agent/README.md index 36d037bb7..cf38c4f68 100644 --- a/charts/instana/instana-agent/README.md +++ b/charts/instana/instana-agent/README.md 
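Review bot: Moving the block from `tls.serviceAccount` to `statefulset.serviceAccount` silently ignores any override that still sits under the old key. A release that set `tls.serviceAccount.create: false`, a custom `name`, or IAM-role `annotations` would, after upgrade, fall back to the new defaults (`create: true`, generated name, no annotations), so the pods' identity changes without warning. A `fail` guard in `_helpers.tpl` when `.Values.tls.serviceAccount` is still set, or a fallback that reads the old key, plus an upgrade note in the README, would make the rename visible. The removal in the later `@@ -439,14 +449,6 @@` hunk is the other half of the same change.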
@@ -120,9 +120,9 @@ The following table lists the configurable parameters of the Instana chart and t | `agent.redactKubernetesSecrets` | Enable additional secrets redaction for selected Kubernetes resources | `nil` See [Kubernetes secrets](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#secrets) for more details. | | `cluster.name` | Display name of the monitored cluster | Value of `zone.name` | | `leaderElector.port` | Instana leader elector sidecar port | `42655` | -| `leaderElector.image.name` | The elector image name to pull | `instana/leader-elector` | -| `leaderElector.image.digest` | The image digest to pull; if specified, it causes `leaderElector.image.tag` to be ignored | `nil` | -| `leaderElector.image.tag` | The image tag to pull; this property is ignored if `leaderElector.image.digest` is specified | `latest` | +| `leaderElector.image.name` | The elector image name to pull. _Note: leader-elector is deprecated and will no longer be updated._ | `instana/leader-elector` | +| `leaderElector.image.digest` | The image digest to pull; if specified, it causes `leaderElector.image.tag` to be ignored. _Note: leader-elector is deprecated and will no longer be updated._ | `nil` | +| `leaderElector.image.tag` | The image tag to pull; this property is ignored if `leaderElector.image.digest` is specified. _Note: leader-elector is deprecated and will no longer be updated._ | `latest` | | `k8s_sensor.deployment.enabled` | Isolate k8sensor with a deployment | `true` | | `k8s_sensor.image.name` | The k8sensor image name to pull | `gcr.io/instana/k8sensor` | | `k8s_sensor.image.digest` | The image digest to pull; if specified, it causes `k8s_sensor.image.tag` to be ignored | `nil` | 
@@ -275,6 +275,8 @@ These options will be rarely used outside of development or debugging of the age ### Kubernetes Sensor Deployment + _Note: leader-elector and kubernetes sensor is deprecated and will no longer be updated. Instead, k8s_sensor should be used._ + The data about Kubernetes resources is collected by the Kubernetes sensor in the Instana agent. With default configurations, only one Instana agent at any one time is capturing the bulk of Kubernetes data. Which agent gets the task is coordinated by a leader elector mechanism running inside the `leader-elector` container of the `instana-agent` pods. @@ -333,6 +335,10 @@ zones: ## Changelog +### 1.2.61 +* Increase timeout and initialDelay for the Agent container +* Add OTLP ports to headless service + ### 1.2.60 * Enable the k8s_sensor by default diff --git a/charts/instana/instana-agent/templates/_helpers.tpl b/charts/instana/instana-agent/templates/_helpers.tpl index 306a274da..69664cdd4 100644 --- a/charts/instana/instana-agent/templates/_helpers.tpl +++ b/charts/instana/instana-agent/templates/_helpers.tpl @@ -308,8 +308,8 @@ httpGet: host: 127.0.0.1 # localhost because Pod has hostNetwork=true path: /status port: 42699 -initialDelaySeconds: 300 # startupProbe isnt available before K8s 1.16 -timeoutSeconds: 3 +initialDelaySeconds: 600 # startupProbe isnt available before K8s 1.16 +timeoutSeconds: 5 periodSeconds: 10 failureThreshold: 3 {{- end -}} diff --git a/charts/instana/instana-agent/templates/headless-service.yaml b/charts/instana/instana-agent/templates/headless-service.yaml index 07346dad6..670e3a231 100644 --- a/charts/instana/instana-agent/templates/headless-service.yaml +++ b/charts/instana/instana-agent/templates/headless-service.yaml 
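Review bot: Raising `initialDelaySeconds` to 600 in the `_helpers.tpl` probe means an agent that hangs shortly after start is not restarted for ten minutes. The inline comment justifies the delay by `startupProbe` being unavailable before K8s 1.16, but the Chart.yaml in this commit carries `catalog.cattle.io/kube-version: '>=1.21-0'`, so that constraint appears not to apply any more. A `startupProbe:` on the same `/status` endpoint with, for example, `failureThreshold: 60` and `periodSeconds: 10` would give the same start-up budget while letting the liveness probe keep a short delay. The probe definition starts outside the hunk, and where the helper is included is not visible here.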
@@ -21,4 +21,23 @@ spec: protocol: TCP port: 42666 targetPort: 42666 + {{ if eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .) }} + # OpenTelemetry original default port + - name: opentelemetry + protocol: TCP + port: 55680 + targetPort: 55680 + # OpenTelemetry as registered and reserved by IANA + - name: opentelemetry-iana + protocol: TCP + port: 4317 + targetPort: 4317 + {{- end -}} + {{ if eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .) }} + # OpenTelemetry HTTP port + - name: opentelemetry-http + protocol: TCP + port: 4318 + targetPort: 4318 + {{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index 0605ea527..4358f12c0 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: console repository: https://charts.redpanda.com - version: 0.6.6 -digest: sha256:af20a82c5cb646895892b783bdcfc50ca41f3f67ec14606c40236969c6a166e4 -generated: "2023-07-10T14:23:47.752683818Z" + version: 0.6.7 +digest: sha256:ab9d2c81c543e757d96bad4ece087707a6786d3b5edff585e6c57426b6171964 +generated: "2023-07-18T19:55:32.757641533Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 88ca1dcdb..07969e4a3 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -33,4 +33,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 4.0.53 +version: 4.0.54 diff --git a/charts/redpanda/redpanda/charts/console/Chart.yaml b/charts/redpanda/redpanda/charts/console/Chart.yaml index a8b1d342f..1f9ac70cb 100644 --- a/charts/redpanda/redpanda/charts/console/Chart.yaml +++ b/charts/redpanda/redpanda/charts/console/Chart.yaml 
@@ -9,7 +9,7 @@ annotations: - name: "Helm (>= 3.6.0)" url: https://helm.sh/docs/intro/install/ apiVersion: v2 -appVersion: v2.2.4 +appVersion: v2.2.5 description: Helm chart to deploy Redpanda Console. icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg maintainers: @@ -19,4 +19,4 @@ name: console sources: - https://github.com/redpanda-data/helm-charts type: application -version: 0.6.6 +version: 0.6.7 diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 316016804..3a22d5990 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -972,7 +972,7 @@ }, "kafkaEndpoint": { "type": "string", - "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + "pattern": "^[A-Za-z_-][A-Za-z0-9_-]*$" }, "authenticationMethod": { "type": ["string", "null"], @@ -1077,7 +1077,7 @@ }, "kafkaEndpoint": { "type": "string", - "pattern": "^[A-Za-z_][A-Za-z0-9_]*$" + "pattern": "^[A-Za-z_-][A-Za-z0-9_-]*$" }, "authenticationMethod": { "type": ["string", "null"], diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index 6dd62cd9b..7dcee8fb6 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.3.161 +appVersion: 1.3.209 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.3.19 +version: 1.3.20 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 67dc7bcdb..2a4f8285e 100644 
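Review bot: The relaxed `kafkaEndpoint` pattern `^[A-Za-z_-][A-Za-z0-9_-]*$` now accepts a value that starts with `-`, or that consists only of hyphens. If the goal is just to allow hyphenated listener names, keeping the first character class as it was, `"pattern": "^[A-Za-z_][A-Za-z0-9_-]*$"`, admits those without passing an option-like string to whatever consumes the name; the consumers are not visible in this diff. The same applies to the identical change in the `@@ -1077,7 +1077,7 @@` hunk. The enclosing schema objects start and end outside both hunks.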
--- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.19 +### Upgrade to 1.3.20 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.19/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.20/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 67dc7bcdb..2a4f8285e 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.19 +### Upgrade to 1.3.20 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.19/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.20/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index d674f405a..bd047f1a0 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml 
@@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.3.161 + tag: v1.3.209 pullPolicy: Always # Log level for Speedscale components. diff --git a/index.yaml b/index.yaml index 1cbbda9fa..bde7717d5 100644 --- a/index.yaml +++ b/index.yaml 
@@ -8953,7 +8953,66 @@ entries: type: application urls: - assets/codefresh/cf-runtime-0.1.401.tgz - version: 0.1.401 + version: 0.1.401 + chronicle: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Chronicle + catalog.cattle.io/release-name: chronicle + apiVersion: v2 + appVersion: 0.7.3 + created: "2023-07-19T14:20:37.835720622Z" + dependencies: + - name: standard-defs + repository: file://./charts/standard-defs + version: ~0.1.0 + - name: sawtooth + repository: file://./charts/sawtooth + version: ~0.2.0 + description: 'Chronicle is an open-source, blockchain-backed, domain-agnostic + provenance product. Chronicle makes it easy for users to record and query immutable + provenance information on a distributed ledger - about any asset, in any domain, + and across multiple parties. ' + digest: 080f90a371bd2e6f091ca532dc3dbab15c246f856263ae9eaa20752485445160 + home: https://docs.btp.works/chronicle + icon: https://chronicle-resources.s3.amazonaws.com/icons/chronicle-transparent-bg-dark.png + keywords: + - provenance + - blockchain + name: chronicle + type: application + urls: + - assets/btp/chronicle-0.1.16.tgz + version: 0.1.16 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Chronicle + catalog.cattle.io/release-name: chronicle + apiVersion: v2 + appVersion: 0.7.3 + created: "2023-07-19T14:20:37.831090999Z" + dependencies: + - name: standard-defs + repository: file://./charts/standard-defs + version: ~0.1.0 + - name: sawtooth + repository: file://./charts/sawtooth + version: ~0.2.0 + description: 'Chronicle is an open-source, blockchain-backed, domain-agnostic + provenance product. Chronicle makes it easy for users to record and query immutable + provenance information on a distributed ledger - about any asset, in any domain, + and across multiple parties. 
' + digest: 4fc765dd33e358eaf07b7e54f578b88289de493cc85d0d7b31019b919e2f58b7 + home: https://docs.btp.works/chronicle + icon: https://chronicle-resources.s3.amazonaws.com/icons/chronicle-transparent-bg-dark.png + keywords: + - provenance + - blockchain + name: chronicle + type: application + urls: + - assets/btp/chronicle-0.1.15.tgz + version: 0.1.15 citrix-adc-istio-ingress-gateway: - annotations: catalog.cattle.io/certified: partner @@ -9705,6 +9764,27 @@ entries: - assets/cloudcasa/cloudcasa-0.1.000.tgz version: 0.1.000 cockroachdb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CockroachDB + catalog.cattle.io/kube-version: '>=1.8-0' + catalog.cattle.io/release-name: cockroachdb + apiVersion: v1 + appVersion: 23.1.5 + created: "2023-07-19T14:20:37.977166704Z" + description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. + digest: 7c63d4aa8be6701f40e6c5bf4b2cd9f82773d65970f82f08b1bb8369865e04a1 + home: https://www.cockroachlabs.com + icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png + maintainers: + - email: helm-charts@cockroachlabs.com + name: cockroachlabs + name: cockroachdb + sources: + - https://github.com/cockroachdb/cockroach + urls: + - assets/cockroach-labs/cockroachdb-11.0.5.tgz + version: 11.0.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CockroachDB 
@@ -19272,6 +19352,36 @@ entries: - assets/hpe/hpe-flexvolume-driver-3.1.000.tgz version: 3.1.000 instana-agent: + - annotations: + artifacthub.io/links: | + - name: Instana website + url: https://www.instana.com + - name: Instana Helm charts + url: https://github.com/instana/helm-charts + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Instana Agent + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: instana-agent + apiVersion: v2 + appVersion: 1.252.0 + created: "2023-07-19T14:20:39.222030506Z" + description: Instana Agent for Kubernetes + digest: ccbef2b2dae439fbf1eec51ee697e07a3e1a29c609e2a0c102b546be73316720 + home: https://www.instana.com/ + icon: https://agents.instana.io/helm/stan-logo-2020.png + maintainers: + - email: felix.marx@ibm.com + name: FelixMarxIBM + - email: henning.treu@ibm.com + name: htreu + - email: torsten.kohn@ibm.com + name: tkohn + name: instana-agent + sources: + - https://github.com/instana/instana-agent-docker + urls: + - assets/instana/instana-agent-1.2.61.tgz + version: 1.2.61 - annotations: artifacthub.io/links: | - name: Instana website 
@@ -33706,6 +33816,44 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.3.0 + created: "2023-07-19T14:20:36.66351407Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: e8a5277f42aa686df2a8c2d672b68074f5c65ba40519fc6ff419829258b6f05c + home: https://bitnami.com + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/post + urls: + - assets/bitnami/postgresql-12.6.7.tgz + version: 12.6.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL 
@@ -37059,6 +37207,46 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.13 + created: "2023-07-19T14:20:42.112196799Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: a76d09e45d66ca4e24a0128b8859c83dfde232a596b9b581ef6188d08ccb4719 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-4.0.54.tgz + version: 4.0.54 - annotations: artifacthub.io/images: | - name: redpanda 
@@ -40913,6 +41101,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.3.209 + created: "2023-07-19T14:20:42.204740964Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 2e4b1fcee73e968ef7056d176196690395917a8ffda59f119e1760df9295d961 + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.3.20.tgz + version: 1.3.20 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator 
@@ -46462,6 +46681,53 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.2.2 + created: "2023-07-19T14:20:37.70894541Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: a02314cba375fb7dc7a917a7804c51b4562046664c245e819fc07ae93634a92f + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-16.1.28.tgz + version: 16.1.28 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress 
@@ -50182,6 +50448,38 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.8.2 + created: "2023-07-19T14:20:37.826410777Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: dc08512543fc2dca6071141f3f6b4dd6fcef5bbc00108ed620c1ac1790eeb24f + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + urls: + - assets/bitnami/zookeeper-11.4.8.tgz + version: 11.4.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper