
Commit df9c3b26 authored by Michael McLeroy's avatar Michael McLeroy Committed by Micah Nagel

Extends Big Bang using Values

parent e65616a1
1 merge request!2272Extends Big Bang using Values
Showing with 486 additions and 3 deletions
...@@ -83,10 +83,11 @@ Build common set of file extensions to include/exclude ...@@ -83,10 +83,11 @@ Build common set of file extensions to include/exclude
Common labels for all objects Common labels for all objects
*/}} */}}
{{- define "commonLabels" -}} {{- define "commonLabels" -}}
app.kubernetes.io/instance: "{{ .Release.Name }}" app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: "{{ .Chart.Version }}" app.kubernetes.io/version: {{ default .Chart.Version .Chart.AppVersion | replace "+" "_" }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: "bigbang" app.kubernetes.io/part-of: "bigbang"
app.kubernetes.io/managed-by: "flux" helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
{{- end -}} {{- end -}}
{{- define "values-secret" -}} {{- define "values-secret" -}}
...@@ -158,3 +159,35 @@ bigbang.dev/istioVersion: {{ .Values.istio.git.tag | trimSuffix (regexFind "-bb. ...@@ -158,3 +159,35 @@ bigbang.dev/istioVersion: {{ .Values.istio.git.tag | trimSuffix (regexFind "-bb.
bigbang.dev/istioVersion: {{ .Values.istio.git.branch }} bigbang.dev/istioVersion: {{ .Values.istio.git.branch }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- /* Helpers below this line are in support of the Big Bang extensibility feature */ -}}
{{- /* Converts the string in . to a legal Kubernetes resource name */ -}}
{{- define "resourceName" -}}
{{- regexReplaceAll "\\W+" . "-" | trimPrefix "-" | trunc 63 | trimSuffix "-" | kebabcase -}}
{{- end -}}
{{- /* Returns a space separated string of unique namespaces where `<package>.enabled` and key held in `.constraint` are true */ -}}
{{- /* [Optional] Set `.constraint` to the key under <package> holding a boolean that must be true to be enabled */ -}}
{{- /* [Optional] Set `.default` to `true` to enable a `true` result when the `constraint` key is not found */ -}}
{{- /* To use: $ns := compact (splitList " " (include "uniqueNamespaces" (merge (dict "constraint" "some.boolean" "default" true) .))) */ -}}
{{- define "uniqueNamespaces" -}}
{{- $namespaces := list -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if (dig "enabled" true $vals) -}}
{{- $constraint := $vals -}}
{{- range $key := split "." (default "" $.constraint) -}}
{{- $constraint = (dig $key dict $constraint) -}}
{{- end -}}
{{- if (ternary $constraint (default false $.default) (kindIs "bool" $constraint)) -}}
{{- $namespaces = append $namespaces (dig "namespace" "name" (include "resourceName" $pkg) $vals) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- join " " (uniq $namespaces) | trim -}}
{{- end -}}
{{- /* Prints istio version */ -}}
{{- define "istioVersion" -}}
{{ regexReplaceAll "-bb.+$" (coalesce .Values.istio.git.semver .Values.istio.git.tag .Values.istio.git.branch) "" }}
{{- end -}}
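Review bot: In `resourceName` the `trunc 63` runs before `kebabcase`, and kebabcase inserts a `-` at each camelCase boundary, so a long mixed-case package key can still come out longer than the 63 characters Kubernetes allows for most object names and label values. Applying the length limit last, e.g. `{{- regexReplaceAll "\\W+" . "-" | kebabcase | trimPrefix "-" | trunc 63 | trimSuffix "-" -}}`, keeps the result within bounds. Separately, `uniqueNamespaces` ranges over `split "." ...`, which returns a map keyed `_0`, `_1`, … and only keeps the key order because Go templates iterate maps in sorted key order; `splitList "." ...` returns a list and states that intent directly.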
{{- /* Used for GitOps on a package's Helm chart */ -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if (dig "enabled" true $vals) -}}
{{- $pkg = include "resourceName" $pkg -}}
{{- $defaults := $.Files.Get (printf "defaults/%s.yaml" $pkg) -}}
{{- if $defaults -}}
{{- $vals := merge $vals ($defaults | fromYaml).package -}}
{{- end -}}
{{- $fluxSettings := merge (dig "flux" dict $vals) $.Values.flux -}}
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: {{ $pkg }}
namespace: {{ dig "namespace" "name" $pkg $vals }}
labels:
app.kubernetes.io/name: {{ $pkg }}
{{- include "commonLabels" $ | nindent 4 }}
spec:
interval: {{ default "5m" $fluxSettings.interval }}
url: {{ dig "git" "repo" nil $vals }}
ref:
{{- include "validRef" $vals.git | nindent 4 -}}
{{- include "gitCreds" $ | nindent 2 }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
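Review bot: The `$vals := merge $vals ($defaults | fromYaml).package` inside the `if $defaults` block declares a new variable scoped to that block, so after its `end` the template is back to the outer `$vals`; the defaults still take effect only because Sprig's `merge` mutates its first argument in place. Assigning instead, `{{- $vals = merge $vals ($defaults | fromYaml).package -}}`, matches the `$pkg = include ...` line just above it and removes the reliance on that side effect; the same pattern appears in the HelmRelease and values-Secret templates of this commit. The `url:` line renders an empty or `<no value>` URL when `git.repo` is absent even though values.yaml marks it required; `url: {{ required (printf "packages.%s.git.repo is required" $pkg) (dig "git" "repo" nil $vals) }}` gives a clear failure at render time instead.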
{{- /* Used for deploying a package using a Helm chart */ -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if and (dig "enabled" true $vals) (not $vals.kustomize) -}}
{{- $pkg := include "resourceName" $pkg -}}
{{- $defaults := $.Files.Get (printf "defaults/%s.yaml" $pkg) -}}
{{- if $defaults -}}
{{- $vals := merge $vals ($defaults | fromYaml).package -}}
{{- end -}}
{{- $fluxSettings := merge (dig "flux" dict $vals) $.Values.flux -}}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: {{ $pkg }}
namespace: {{ dig "namespace" "name" $pkg $vals }}
labels:
app.kubernetes.io/name: {{ $pkg }}
{{- include "commonLabels" $ | nindent 4 }}
spec:
releaseName: {{ $pkg }}
chart:
spec:
chart: {{ dig "git" "path" "chart" $vals }}
interval: {{ default "5m" $fluxSettings.interval }}
reconcileStrategy: Revision
sourceRef:
kind: GitRepository
name: {{ $pkg }}
namespace: {{ dig "namespace" "name" $pkg $vals }}
{{- toYaml $fluxSettings | nindent 2 }}
{{- if $vals.postRenderers }}
postRenderers:
{{- toYaml $vals.postRenderers | nindent 2 }}
{{- end }}
valuesFrom:
- name: {{ $pkg }}-values
kind: Secret
{{- /* Always wait on policy enforcement */ -}}
{{- $gatekeeperDep := $.Values.gatekeeper.enabled -}}
{{- $kyvernoDep := $.Values.kyvernopolicies.enabled -}}
{{- /* Wait on istio if sidecar is enabled */ -}}
{{- $istioDep := (and $.Values.istio.enabled (dig "istio" "injection" true $vals)) -}}
{{- if or $gatekeeperDep $kyvernoDep $istioDep }}
dependsOn:
{{- if $gatekeeperDep }}
- name: gatekeeper
namespace: {{ default "bigbang" $.Values.namespace }}
{{- end }}
{{- if $kyvernoDep }}
- name: kyvernopolicies
namespace: {{ default "bigbang" $.Values.namespace }}
{{- end }}
{{- if $istioDep }}
- name: istio
namespace: {{ default "bigbang" $.Values.namespace }}
{{- end -}}
{{- end }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
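Review bot: The `dependsOn` entries resolve the gatekeeper, kyvernopolicies and istio namespace with `default "bigbang" $.Values.namespace`, while the wrapper HelmRelease template in this same commit uses `$.Release.Namespace` for the same resources; if both mean the Big Bang release namespace, `$.Release.Namespace` is the value Helm already knows and avoids a silent fallback to the literal `bigbang`. Also, `{{- toYaml $fluxSettings | nindent 2 }}` splices every key of `.Values.flux` and the package `flux` map in as a top-level HelmRelease spec field, so a stray key surfaces as an API-server rejection rather than a template error; a short comment above that line naming the keys that are expected there (`# flux: HelmRelease spec fields such as interval/install/upgrade/rollback`) would help maintainers.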
{{- /* Used for deploying a package using Kustomize */ -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if and (dig "enabled" true $vals) $vals.kustomize -}}
{{- $pkg := include "resourceName" $pkg -}}
{{- $vals := merge $vals ($.Files.Get (printf "defaults/%s.yaml" $pkg) | fromYaml).package }}
{{- $fluxSettings := merge (dig "flux" dict $vals) $.Values.flux -}}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: Kustomization
metadata:
name: {{ $pkg }}
namespace: {{ dig "namespace" "name" $pkg $vals }}
labels:
app.kubernetes.io/name: {{ $pkg }}
{{- include "commonLabels" $ | nindent 4 }}
spec:
path: {{ dig "git" "path" "" $vals }}
sourceRef:
kind: GitRepository
name: {{ $pkg }}
namespace: {{ dig "namespace" "name" $pkg $vals }}
{{- toYaml $fluxSettings | nindent 2 }}
postBuild:
substituteFrom:
- name: {{ $pkg }}-values
kind: Secret
{{- /* Always wait on policy enforcement */ -}}
{{- $gatekeeperDep := $.Values.gatekeeper.enabled -}}
{{- $kyvernoDep := $.Values.kyvernopolicies.enabled -}}
{{- /* Wait on istio if sidecar is enabled */ -}}
{{- $istioDep := (and $.Values.istio.enabled (dig "istio" "injection" true $vals)) -}}
{{- if or $gatekeeperDep $kyvernoDep $istioDep }}
dependsOn:
{{- if $gatekeeperDep }}
- name: gatekeeper
namespace: {{ default "bigbang" $.Values.namespace }}
{{- end }}
{{- if $kyvernoDep }}
- name: kyvernopolicies
namespace: {{ default "bigbang" $.Values.namespace }}
{{- end }}
{{- if $istioDep }}
- name: istio
namespace: {{ default "bigbang" $.Values.namespace }}
{{- end -}}
{{- end }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
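Review bot: `kind: Kustomization` is emitted under `apiVersion: helm.toolkit.fluxcd.io/v2beta1`, but the Flux Kustomization API lives in the `kustomize.toolkit.fluxcd.io` group (`apiVersion: kustomize.toolkit.fluxcd.io/v1beta1` for the Flux generation the other resources target), so as written the object will be rejected by the API server. The `$vals := merge $vals ($.Files.Get ...` line is also the only defaults merge in this commit that does not first check whether the defaults file exists, so a kustomize package without a `defaults/<name>.yaml` takes a different path than a Helm package; guarding it with `{{- if $defaults -}}` like the sibling templates keeps the behaviour uniform. Finally, `$fluxSettings` is the same map the HelmRelease templates splice into their spec, so HelmRelease-only keys set under `.Values.flux` would land in the Kustomization spec as unknown fields.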
{{- /* Used for creating namespaces that package's use. */ -}}
{{- /* If two packages reside in the same namespace, set namespace.create=false in one of them. */ -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if and (dig "enabled" true $vals) (dig "namespace" "create" true $vals) -}}
{{- $pkg = include "resourceName" $pkg -}}
apiVersion: v1
kind: Namespace
metadata:
name: {{ dig "namespace" "name" $pkg $vals }}
labels:
app.kubernetes.io/name: {{ $pkg }}
{{- include "commonLabels" $ | nindent 4 }}
{{- if $.Values.istio.enabled }}
istio-injection: {{ ternary "enabled" "disabled" (dig "istio" "injection" true $vals) }}
{{- end -}}
{{- if (dig "namespace" "labels" nil $vals) -}}
{{- toYaml $vals.namespace.labels | nindent 4 -}}
{{- end -}}
{{- if (dig "namespace" "annotations" nil $vals) }}
annotations:
{{- toYaml $vals.namespace.annotations | nindent 4 -}}
{{- end }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
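Review bot: `namespace.labels` from the package values are appended verbatim after the `istio-injection` label on the `toYaml $vals.namespace.labels` line, so a package that also sets `istio-injection` produces a duplicate mapping key in the rendered YAML, and which value wins (or whether parsing fails) then depends on the YAML parser rather than on this template. Emitting the user labels as `toYaml (omit $vals.namespace.labels "istio-injection")`, or merging the two maps before printing, makes the precedence explicit. The header comment about setting `namespace.create=false` when two packages share a namespace describes a manual convention; a `fail` when the same namespace name appears twice with create enabled would surface that misconfiguration at render time instead of as a conflicting apply.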
{{- /* Used for creating values for the package's Helm chart */ -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if (dig "enabled" true $vals) -}}
{{- $pkg = include "resourceName" $pkg -}}
{{- $defaults := $.Files.Get (printf "defaults/%s.yaml" $pkg) -}}
{{- if $defaults -}}
{{- $vals := merge $vals ($defaults | fromYaml).package -}}
{{- end -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $pkg }}-values
namespace: {{ dig "namespace" "name" $pkg $vals }}
labels:
{{- include "commonLabels" $ | nindent 4 }}
type: Opaque
stringData:
values.yaml: |
{{- tpl (toYaml $vals.values) $ | nindent 4 }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
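Review bot: `tpl (toYaml $vals.values) $` renders each package's `values` block with the full chart root as context, so template expressions inside a package's values can read every chart value — including `.Values.git.credentials` and `.Values.registryCredentials` — and have them written into that package's `-values` Secret. That is presumably intended for referencing things like `.Values.domain`, but it is worth stating on the `values:` key in values.yaml (e.g. `# -- Values to pass through to package Helm chart. Rendered with tpl against the full Big Bang values.`) so operators know what a package's values can reach. The `$vals := merge ...` inside `if $defaults` also declares a block-scoped variable and only works because `merge` mutates in place; `$vals = merge ...` states the intent.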
{{- /* Used for adding a trusted custom CA for SSO. One per namespace. */ -}}
{{- if (dig "certificate_authority" false .Values.sso) -}}
{{- range $ns := compact (splitList " " (include "uniqueNamespaces" (merge (dict "default" false "constraint" "sso.enabled") $))) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ default "sso-certificate-authority" $.Values.sso.secretName }}
namespace: {{ $ns }}
labels:
app.kubernetes.io/name: {{ $ns }}
{{- include "commonLabels" $ | nindent 4 }}
type: Opaque
data:
ca.pem: {{ $.Values.sso.certificate_authority | b64enc }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
{{- /* Used for GitOps on Helm charts. One per namespace */ -}}
{{- if not (dig "existingSecret" nil .Values.git) -}}
{{- with (dig "credentials" dict .Values.git) -}}
{{- if or .username .password .caFile .privateKey .publicKey .knownHosts -}}
{{- range $ns := compact (splitList " " (include "uniqueNamespaces" (merge (dict "default" true) $))) -}}
apiVersion: v1
kind: Secret
metadata:
name: git-credentials
namespace: {{ $ns }}
labels:
app.kubernetes.io/name: git-credentials
{{- include "commonLabels" . | nindent 4 }}
type: Opaque
data:
{{- if .caFile }}
caFile: {{ .caFile | b64enc }}
{{- end -}}
{{- if and .username .password }}
username: {{ .username | b64enc }}
password: {{ .password | b64enc }}
{{- else if or .username .password -}}
{{- fail "When using http git credentials, all of these must be specified: username, and password" -}}
{{- end -}}
{{- if and .privateKey .publicKey .knownHosts }}
identity: {{ .privateKey | b64enc }}
identity.pub: {{ .publicKey | b64enc }}
known_hosts: {{ .knownHosts | b64enc }}
{{- else if or .privateKey .publicKey .knownHosts -}}
{{- fail "When using ssh git credentials, all of these must be specified: privateKey, publicKey, and knownHosts" -}}
{{- end }}
---
{{ end -}}
{{- end -}}
{{- end -}}
{{- end -}}
\ No newline at end of file
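Review bot: `include "commonLabels" .` on the labels line passes the credentials map as context, because `.` has been rebound by the enclosing `with (dig "credentials" dict .Values.git)`; `commonLabels` reads `.Release.Name` and `.Chart.Version`, which that map does not carry, so rendering is expected to fail with a nil-pointer evaluation the first time credentials are actually set. Every other template in this commit passes the root: `{{- include "commonLabels" $ | nindent 4 }}`. On a design note, this copies the git credentials into every namespace `uniqueNamespaces` returns (with `default` true), so any principal with Secret read in any package namespace can obtain them; the `existingSecret` branch already provides an opt-out, and documenting that trade-off next to `git.credentials` in values.yaml would help operators choose.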
{{- /* Used for pulling images from custom registries. One per namespace */ -}}
{{- if .Values.registryCredentials -}}
{{- range $ns := compact (splitList " " (include "uniqueNamespaces" (merge (dict "default" true) .))) -}}
apiVersion: v1
kind: Secret
metadata:
name: private-registry
namespace: {{ $ns }}
labels:
app.kubernetes.io/name: private-registry
{{- include "commonLabels" $ | nindent 4 }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" $ }}
---
{{- end -}}
{{- end -}}
\ No newline at end of file
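Review bot: The closing `{{- end -}}` after the `---` separator trims the newline before it, so when `uniqueNamespaces` returns more than one namespace the second document starts as `---apiVersion: v1` on one line and the manifest no longer parses; the sibling templates close their loops with `{{ end -}}` for this reason. Changing the loop close to `{{ end -}}` keeps the separator on its own line.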
{{- /* Used for GitOps of the BigBang package wrapper Helm chart. Shared by all packages */ -}}
{{- if .Values.wrapper -}}
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
name: {{ .Release.Name }}-wrapper
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}-wrapper
{{- include "commonLabels" $ | nindent 4 }}
spec:
interval: {{ dig "interval" "5m" .Values.flux }}
url: {{ .Values.wrapper.git.repo }}
ref:
{{- include "validRef" .Values.wrapper.git | nindent 4 -}}
{{- include "gitCreds" . | nindent 2 }}
{{- end -}}
\ No newline at end of file
{{- /* Used for Helm chart deployment of Big Bang wrapper. One per package. */ -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if (dig "enabled" true $vals) -}}
{{- $pkg = include "resourceName" $pkg -}}
{{- $fluxSettings := merge (dig "flux" dict $vals) $.Values.flux -}}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: {{ $pkg }}-wrapper
namespace: {{ dig "namespace" "name" $pkg $vals }}
labels:
app.kubernetes.io/name: {{ $pkg }}-wrapper
{{- include "commonLabels" $ | nindent 4 }}
spec:
releaseName: {{ $pkg }}-wrapper
chart:
spec:
chart: {{ default "wrapper" $.Values.wrapper.git.path }}
interval: {{ default "5m" $fluxSettings.interval }}
reconcileStrategy: Revision
sourceRef:
kind: GitRepository
name: {{ $.Release.Name }}-wrapper
namespace: {{ $.Release.Namespace }}
{{- toYaml $fluxSettings | nindent 2 }}
valuesFrom:
- name: {{ $pkg }}-wrapper-values
kind: Secret
{{- /* Always wait on policy enforcement */ -}}
{{- $gatekeeperDep := $.Values.gatekeeper.enabled -}}
{{- $kyvernoDep := $.Values.kyvernopolicies.enabled -}}
{{- /* Wait on istio operator if creating a Virtual Service */ -}}
{{- $istioOpDep := and $.Values.istio.enabled (dig "istio" "hosts" false $vals) -}}
{{- /* Wait on monitoring if dashboard or metrics are enabled */ -}}
{{- $monitoringDep := $.Values.monitoring.enabled -}}
{{- if or $gatekeeperDep $istioOpDep $kyvernoDep $monitoringDep }}
dependsOn:
{{- if $gatekeeperDep }}
- name: gatekeeper
namespace: {{ $.Release.Namespace }}
{{- end }}
{{- if $kyvernoDep }}
- name: kyvernopolicies
namespace: {{ $.Release.Namespace }}
{{- end }}
{{- if $istioOpDep }}
- name: istio-operator
namespace: {{ $.Release.Namespace }}
{{- end }}
{{- if $monitoringDep }}
- name: monitoring
namespace: {{ $.Release.Namespace }}
{{- end -}}
{{- end }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
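Review bot: The comment `Wait on monitoring if dashboard or metrics are enabled` does not match the code under it, which depends on monitoring whenever `$.Values.monitoring.enabled` is set regardless of the package's own `monitor` values; either the condition should consult the package (something like `and $.Values.monitoring.enabled (dig "monitor" ... $vals)`) or the comment should read `Wait on monitoring if it is enabled`. This template is also the only per-package one that does not merge `defaults/<pkg>.yaml` into `$vals` before reading `istio.hosts`, so a defaults-provided `istio.hosts` would not add the istio-operator dependency unless an earlier template's in-place `merge` happened to run first. Finally, `default "wrapper" $.Values.wrapper.git.path` falls back to `wrapper` while values.yaml sets that path to `chart`; if the values default is authoritative the fallback here is dead, otherwise the two should agree.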
{{- /* Used for creating values to use for Helm wrapper and package Helm charts. */ -}}
{{- range $pkg, $vals := .Values.packages -}}
{{- if (dig "enabled" true $vals) -}}
{{- $pkg = include "resourceName" $pkg -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $pkg }}-wrapper-values
namespace: {{ dig "namespace" "name" $pkg $vals }}
type: Opaque
stringData:
values.yaml: |
{{- $defaults := ($.Files.Get (printf "defaults/%s.yaml" $pkg) | fromYaml) -}}
{{- $overlays := dict "bigbang" $.Values "package" $vals -}}
{{- $merged := merge $overlays $defaults }}
package:
name: {{ $pkg }}
{{- if (omit $merged.package "git" "flux" "postRenderers") }}
{{- tpl (toYaml (omit $merged.package "git" "flux" "postRenderers")) $ | nindent 6 }}
{{- end }}
bigbang:
{{- toYaml (pick $merged.bigbang "domain" "openshift") | nindent 6 -}}
{{- /* For every top level map, if it has the enable key, pass it through. */ -}}
{{- range $bbpkg, $bbvals := $merged.bigbang -}}
{{- if kindIs "map" $bbvals -}}
{{- if hasKey $bbvals "enabled" -}}
{{- $bbpkg | nindent 6 -}}:
{{- /* For network policies, we need all of its values. */ -}}
{{- if eq $bbpkg "networkPolicies" -}}
{{- toYaml $bbvals | nindent 8 -}}
{{- else }}
enabled: {{ $bbvals.enabled }}
{{- end -}}
{{- /* For addons, pass through the enable key. */ -}}
{{- else if eq $bbpkg "addons" -}}
{{- $bbpkg | nindent 6 -}}:
{{- range $addpkg, $addvals := $bbvals -}}
{{- if hasKey $addvals "enabled" -}}
{{- $addpkg | nindent 8 }}:
enabled: {{ $addvals.enabled }}
{{- /* For authservice, the selector values are needed. */ -}}
{{- if and (eq $addpkg "authservice") (or (dig "values" "selector" "key" false $addvals) (dig "values" "selector" "value" false $addvals)) }}
values:
selector:
{{- if (dig "values" "selector" "key" false $addvals) -}}
key: {{ $addvals.values.selector.key }}
{{- end -}}
{{- if (dig "values" "selector" "value" false $addvals) -}}
value: {{ $addvals.values.selector.key }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end }}
---
{{ end -}}
{{- end -}}
\ No newline at end of file
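Review bot: On the `value: {{ $addvals.values.selector.key }}` line the guard checks `values.selector.value` but the emitted field reads `.selector.key`, so the authservice selector value is always replaced by the key; it should be `value: {{ $addvals.values.selector.value }}`. `merge $overlays $defaults` uses `$overlays` — whose `bigbang` entry is `$.Values` itself — as the mutated destination, so keys from one package's defaults under `bigbang` are likely written into the live `.Values` and become visible to every package rendered afterwards; building the destination from a copy (`dict "bigbang" (deepCopy $.Values) "package" $vals`) avoids that. This Secret is also the only one in the commit without a `labels:` block carrying `commonLabels`.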
# -- Wrapper chart for integrating Big Bang into a package
wrapper:
git:
# -- Git repo holding the wrapper helm chart
repo: https://repo1.dso.mil/platform-one/big-bang/apps/wrapper
# -- Path inside of the git repo to find the helm chart
path: chart
# -- Git tag to check out. Takes precedence over branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference)
tag:
branch: main
# -- Packages to deploy with Big Bang integration
# @default - '{}'
packages:
# -- Package name. Each package will be independently wrapped for Big Bang integration.
# @default -- Uses `defaults/<package name>.yaml` for defaults. See `package` Helm chart for additional values that can be set.
sample:
# -- Toggle deployment of this package
# @default -- true
enabled: false
# -- Use a kustomize deployment rather than Helm
kustomize: false
git:
# -- (Required) Git repo URL holding the helm chart for this package
repo:
# -- Git commit to check out. Takes precedence over semver, tag, and branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference)
commit:
# -- Git semVer tag expression to check out. Takes precedence over tag. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference)
semver:
# -- Git tag to check out. Takes precedence over branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference)
tag:
# -- Git branch to check out. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference).
# @default -- When no other reference is specified, `master` branch is used
branch:
# -- Path inside of the git repo to find the helm chart or kustomize
# @default -- For Helm charts `chart`. For Kustomize `/`.
path:
# -- Override flux settings for this package
flux: {}
# -- After deployment, patch resources. [More info](https://fluxcd.io/flux/components/helm/helmreleases/#post-renderers)
postRenderers: []
# -- Package details for Istio. See [wrapper values](https://repo1.dso.mil/platform-one/big-bang/apps/wrapper/-/blob/main/chart/values.yaml) for settings.
istio: {}
# -- Package details for monitoring. See [wrapper values](https://repo1.dso.mil/platform-one/big-bang/apps/wrapper/-/blob/main/chart/values.yaml) for settings.
monitor: {}
# -- Package details for network policies. See [wrapper values](https://repo1.dso.mil/platform-one/big-bang/apps/wrapper/-/blob/main/chart/values.yaml) for settings.
network: {}
# -- Secrets that should be created prior to package installation. See [wrapper values](https://repo1.dso.mil/platform-one/big-bang/apps/wrapper/-/blob/main/chart/values.yaml) for settings.
secrets: {}
# -- ConfigMaps that should be created prior to package installation. See [wrapper values](https://repo1.dso.mil/platform-one/big-bang/apps/wrapper/-/blob/main/chart/values.yaml) for settings.
configMaps: {}
# -- Values to pass through to package Helm chart
values: {}
\ No newline at end of file
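Review bot: The `@default` comment on `packages` says defaults come from `defaults/<package name>.yaml`, but the templates look the file up by the normalised name returned by `resourceName` (non-word characters replaced by `-`, truncated, kebab-cased), so a key such as `myApp` reads `defaults/my-app.yaml`; stating that here avoids a silent miss. The `branch:` comment also says `master` is used when no reference is given, which is behaviour of the `validRef` helper not shown in this diff — worth confirming against it. Since these values are rendered with `tpl` into each package's values Secret, a one-line note on `values:` that template expressions there see the full Big Bang values would tell operators what a package can reach.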