refactor: add names and security context helpers to helm chart (#6136)
* refactor: add names and security context helpers to helm chart Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
e4b19ebb25
commit
7b3db15662
16 changed files with 69 additions and 86 deletions
|
@ -1,42 +1,9 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
|
||||
{{- define "kyverno.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.chartVersion" -}}
|
||||
{{- if .Values.templating.enabled -}}
|
||||
{{ required "templating.version is required when templating.enabled is true" .Values.templating.version | replace "+" "_" }}
|
||||
{{- required "templating.version is required when templating.enabled is true" .Values.templating.version | replace "+" "_" -}}
|
||||
{{- else -}}
|
||||
{{ .Chart.Version | replace "+" "_" }}
|
||||
{{- .Chart.Version | replace "+" "_" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.namespace" -}}
|
||||
{{ default .Release.Namespace .Values.namespaceOverride }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.securityContext" -}}
|
||||
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version }}
|
||||
{{ toYaml (omit .Values.securityContext "seccompProfile") }}
|
||||
{{- else }}
|
||||
{{ toYaml .Values.securityContext }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
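--- /dev/null
+++ b/charts/kyverno/templates/_helpers/_names.tpl
@@ -0,0 +1,26 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "kyverno.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "kyverno.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "kyverno.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "kyverno.namespace" -}}
+{{ default .Release.Namespace .Values.namespaceOverride }}
+{{- end -}}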
|
|
@ -29,10 +29,12 @@ spec:
|
|||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.image.pullSecrets }}
|
||||
imagePullSecrets: {{ tpl (toYaml .) $ | nindent 8 }}
|
||||
imagePullSecrets:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.podSecurityContext }}
|
||||
securityContext: {{ tpl (toYaml .) $ | nindent 8 }}
|
||||
securityContext:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.antiAffinity.enable .Values.podAffinity .Values.nodeAffinity }}
|
||||
affinity:
|
||||
|
@ -84,8 +86,9 @@ spec:
|
|||
{{- with .Values.initResources }}
|
||||
resources: {{ tpl (toYaml .) $ | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext: {{ include "kyverno.securityContext" . | nindent 12 }}
|
||||
{{- with .Values.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: METRICS_CONFIG
|
||||
|
@ -122,8 +125,9 @@ spec:
|
|||
{{- with .Values.resources }}
|
||||
resources: {{ tpl (toYaml .) $ | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.securityContext }}
|
||||
securityContext: {{ include "kyverno.securityContext" . | nindent 12 }}
|
||||
{{- with .Values.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: 9443
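Review bot: The container `securityContext` blocks in this file now emit `toYaml .` unconditionally, so a `seccompProfile` set in the values is rendered on every cluster version now that the `semverCompare "<1.19"` filter is gone. On a cluster older than 1.19 that field is presumably unknown to the API, so the install may fail validation or lose the field silently. If pre-1.19 clusters are no longer supported, state the floor in Chart.yaml, for example `kubeVersion: '>=1.19.0-0'`; Chart.yaml is not shown on this page, so it may already do so. The same applies to the cleanup-controller, reports-controller and test pod hunks further down. The pod spec these hunks belong to starts and ends outside the visible lines.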
|
||||
|
|
|
@ -37,11 +37,3 @@
|
|||
{{ required "A service account name is required when `rbac.create` is set to `false`" .Values.cleanupController.rbac.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.cleanup-controller.securityContext" -}}
|
||||
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version -}}
|
||||
{{- toYaml (omit .Values.cleanupController.securityContext "seccompProfile") -}}
|
||||
{{- else -}}
|
||||
{{- toYaml .Values.cleanupController.securityContext -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -120,8 +120,9 @@ spec:
|
|||
{{- with .Values.cleanupController.resources }}
|
||||
resources: {{ tpl (toYaml .) $ | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.cleanupController.securityContext }}
|
||||
securityContext: {{ include "kyverno.cleanup-controller.securityContext" . | nindent 12 }}
|
||||
{{- with .Values.cleanupController.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.cleanupController.startupProbe }}
|
||||
startupProbe:
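Review bot: `securityContext` is rendered with plain `toYaml . | nindent 12` while `resources` just above it still goes through `tpl (toYaml .) $`, so template expressions in `cleanupController.securityContext` are emitted literally rather than evaluated. If that is intended, a short template comment would record it, e.g. `{{- /* securityContext is not passed through tpl: values are rendered as-is */}}`; otherwise use `{{- tpl (toYaml .) $ | nindent 12 }}` as the pod-level `securityContext` hunk in the main deployment does. The main deployment and reports-controller container hunks have the same split.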
|
||||
|
|
|
@ -30,7 +30,6 @@
|
|||
{{ .Release.Name }}:reports-controller
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of the service account to use */}}
|
||||
{{- define "kyverno.reports-controller.serviceAccountName" -}}
|
||||
{{- if .Values.reportsController.rbac.create -}}
|
||||
{{ default (include "kyverno.reports-controller.name" .) .Values.reportsController.rbac.serviceAccount.name }}
|
||||
|
@ -38,11 +37,3 @@
|
|||
{{ required "A service account name is required when `rbac.create` is set to `false`" .Values.reportsController.rbac.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.reports-controller.securityContext" -}}
|
||||
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version }}
|
||||
{{ toYaml (omit .Values.reportsController.securityContext "seccompProfile") }}
|
||||
{{- else }}
|
||||
{{ toYaml .Values.reportsController.securityContext }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -118,8 +118,9 @@ spec:
|
|||
{{- with .Values.reportsController.resources }}
|
||||
resources: {{ tpl (toYaml .) $ | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.reportsController.securityContext }}
|
||||
securityContext: {{ include "kyverno.reports-controller.securityContext" . | nindent 12 }}
|
||||
{{- with .Values.reportsController.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -18,16 +18,6 @@
|
|||
helm.sh/hook: test
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.test.securityContext" -}}
|
||||
{{- if .Values.test.securityContext -}}
|
||||
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version -}}
|
||||
{{ toYaml (omit .Values.test.securityContext "seccompProfile") }}
|
||||
{{- else -}}
|
||||
{{ toYaml .Values.test.securityContext }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kyverno.test.image" -}}
|
||||
{{- template "kyverno.image" (dict "image" .Values.test.image "defaultTag" "latest") -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -17,8 +17,10 @@ spec:
|
|||
resources:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.test.securityContext }}
|
||||
securityContext:
|
||||
{{- include "kyverno.test.securityContext" . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
|
|
@ -18,8 +18,10 @@ spec:
|
|||
resources:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.test.securityContext }}
|
||||
securityContext:
|
||||
{{- include "kyverno.test.securityContext" . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
|
|
@ -17,8 +17,10 @@ spec:
|
|||
resources:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.test.securityContext }}
|
||||
securityContext:
|
||||
{{- include "kyverno.test.securityContext" . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
|
|
@ -18,8 +18,10 @@ spec:
|
|||
resources:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.test.securityContext }}
|
||||
securityContext:
|
||||
{{- include "kyverno.test.securityContext" . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
|
|
@ -18,8 +18,10 @@ spec:
|
|||
resources:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.test.securityContext }}
|
||||
securityContext:
|
||||
{{- include "kyverno.test.securityContext" . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
|
|
@ -18,8 +18,10 @@ spec:
|
|||
resources:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.test.securityContext }}
|
||||
securityContext:
|
||||
{{- include "kyverno.test.securityContext" . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
|
|
@ -18,8 +18,10 @@ spec:
|
|||
resources:
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.test.securityContext }}
|
||||
securityContext:
|
||||
{{- include "kyverno.test.securityContext" . | nindent 8 }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
|
|
|
@ -32162,8 +32162,7 @@ spec:
|
|||
requests:
|
||||
cpu: 10m
|
||||
memory: 64Mi
|
||||
securityContext:
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
|
@ -32198,8 +32197,7 @@ spec:
|
|||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
securityContext:
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
|
@ -32358,7 +32356,7 @@ spec:
|
|||
requests:
|
||||
cpu: 100m
|
||||
memory: 64Mi
|
||||
securityContext:
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
|
@ -32472,8 +32470,7 @@ spec:
|
|||
requests:
|
||||
cpu: 100m
|
||||
memory: 64Mi
|
||||
securityContext:
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
|
|