airship/charts
Code Issues Proposed changes

add initial chart - dex-aio

Browse Source 
Change-Id: I99700860efd5820896c625a2c2903e3a880697d8
Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
Pete Birley 2020-06-04 10:38:48 -05:00 committed by Pete Birley
parent 7010781cdd
commit da71f4ba9d
18 changed files with 937 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
charts/dex-aio/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

21
charts/dex-aio/Chart.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: v2
name: dex-aio
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: 2.20.0

24
charts/dex-aio/templates/Certificate-dex.yaml Normal file
View File

@ -0,0 +1,24 @@
{{- define "Certificate-dex" -}}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
spec:
secretName: {{ template "helpers.labels.fullname" . }}-tls
issuerRef:
name: {{ .Values.params.endpoints.tls.issuer.name }}
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: {{ .Values.params.endpoints.tls.issuer.kind }}
commonName: {{ .Values.params.endpoints.hostname }}
organization:
- Kubernetes API
dnsNames:
- {{ .Values.params.endpoints.hostname }}
...
{{- end -}}
{{- if .Values.params.endpoints.tls.cert_manager -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Certificate-dex" ) }}
{{- end -}}

17
charts/dex-aio/templates/ClusterRole-dex.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "ClusterRole-dex" -}}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- "*"
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ClusterRole-dex" ) }}

18
charts/dex-aio/templates/ClusterRoleBinding-dex.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- define "ClusterRoleBinding-dex" -}}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "helpers.labels.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "helpers.labels.fullname" . }}
namespace: {{ .Release.Namespace }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ClusterRoleBinding-dex" ) }}

14
charts/dex-aio/templates/ConfigMap-dex.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "ConfigMap-dex" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
data:
{{- range $key, $value := .Values.config }}
{{- include "helpers.config.renderer" (dict "Global" $ "key" $key) | indent 2 }}
{{- end }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ConfigMap-dex" ) }}

233
charts/dex-aio/templates/Deployment-dex.yaml Normal file
View File

@ -0,0 +1,233 @@
{{- define "Deployment-dex" -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
replicas: 1
minReadySeconds: 30
strategy:
rollingUpdate:
maxUnavailable: 0
selector:
matchLabels: {{- include "helpers.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels: {{- include "helpers.labels.labels" . | nindent 8 }}
annotations:
checksum/config: {{ include "helpers.config.hash" ( dict "Global" $ "TemplateName" "ConfigMap-dex.yaml" ) }}
spec:
hostAliases:
- ip: "127.0.0.1"
hostnames:
- "{{ .Values.params.endpoints.hostname }}"
serviceAccountName: {{ template "helpers.labels.fullname" . }}
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- operator: Exists
nodeSelector:
{{ include "helpers.pod.node_selector" ( dict "Global" $ "Application" "dex" ) | nindent 8 }}
{{ if not .Values.params.endpoints.tls.cert_manager }}
initContainers:
- name: cert-gen
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tls_init" ) }}
command:
- bash
- -cex
- |
export PASSPHRASE=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 32)
TMP_KEY="$(mktemp -d)"
openssl genrsa -des3 -out ${TMP_KEY}/server.key -passout env:PASSPHRASE 1024
openssl rsa -in "${TMP_KEY}/server.key" -out /var/run/airshipit.org/tls/key/tls.key -passin env:PASSPHRASE
openssl req -new -key /var/run/airshipit.org/tls/key/tls.key -out ${TMP_KEY}/server.csr -batch -subj "/commonName={{ .Values.params.endpoints.hostname }}"
openssl x509 -req -days 365 -in ${TMP_KEY}/server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -set_serial $(printf '%(%s)T\n' -1) -out /var/run/airshipit.org/tls/crt/tls.crt
openssl verify -purpose sslserver -CAfile /etc/kubernetes/pki/ca.crt /var/run/airshipit.org/tls/crt/tls.crt
cp -v /etc/kubernetes/pki/ca.crt /var/run/airshipit.org/tls/ca-crt/ca.crt
cp -v /etc/kubernetes/pki/ca.crt /var/run/airshipit.org/tls/ca-crt/ca-certificates.crt
chmod 0444 /var/run/airshipit.org/tls/ca-crt/*.crt /var/run/airshipit.org/tls/crt/tls.crt /var/run/airshipit.org/tls/key/tls.key
volumeMounts:
- name: host-etc-kubernetes-pki
mountPath: /etc/kubernetes/pki
readOnly: true
- name: tls-ca-crt
mountPath: /var/run/airshipit.org/tls/ca-crt
- name: tls-crt
mountPath: /var/run/airshipit.org/tls/crt
- name: tls-key
mountPath: /var/run/airshipit.org/tls/key
{{ end }}
containers:
- name: nginx
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "nginx" ) }}
imagePullPolicy: {{ .Values.images.pull.policy | quote }}
command:
# - tail
# - -f
# - /dev/null
- nginx
- -g
- 'daemon off;'
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
livenessProbe:
httpGet:
path: /ca.crt
port: http
readinessProbe:
httpGet:
path: /ca.crt
port: http
volumeMounts:
- name: config-nginx-conf
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: tls-ca-crt
mountPath: /usr/share/nginx/html/
- name: tls-crt
mountPath: /var/run/secrets/airshipit.org/tls/crt/
- name: tls-key
mountPath: /var/run/secrets/airshipit.org/tls/key/
- name: dex
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "dex" ) }}
imagePullPolicy: {{ .Values.images.pull.policy | quote }}
command:
- /usr/local/bin/dex
- serve
- /etc/dex/dex.yaml
env:
- name: LDAP_BINDPW
valueFrom:
secretKeyRef:
name: {{ template "helpers.labels.fullname" . }}
key: ldap-bindpw
livenessProbe:
# note, the api in this container is lisening on localhost, so we hit it via the nginx sidecar
# we have to set the port manually, as names dont carry across containers.
httpGet:
scheme: HTTPS
path: /dex/healthz
port: 443
readinessProbe:
# note, the api in this container is lisening on localhost, so we hit it via the nginx sidecar
# we have to set the port manually, as names dont carry across containers.
httpGet:
scheme: HTTPS
path: /dex/healthz
port: 443
initialDelaySeconds: 5
timeoutSeconds: 1
volumeMounts:
- name: config-dex-yaml
mountPath: /etc/dex/dex.yaml
subPath: dex.yaml
- name: tls-crt
mountPath: /var/run/secrets/airshipit.org/tls/crt/
- name: tls-key
mountPath: /var/run/secrets/airshipit.org/tls/key/
- name: authenticator
image: {{ include "helpers.pod.container.image" (dict "Global" $ "Application" "authenticator") }}
imagePullPolicy: {{ .Values.images.pull.policy | quote }}
command:
- /app/bin/dex-k8s-authenticator
- --config
- /app/authenticator.yaml
livenessProbe:
httpGet:
path: /ui/
scheme: HTTPS
port: 443
readinessProbe:
httpGet:
path: /ui/
scheme: HTTPS
port: 443
initialDelaySeconds: 5
timeoutSeconds: 1
volumeMounts:
- name: config-authenticator-yaml
mountPath: /app/authenticator.yaml
subPath: authenticator.yaml
- name: config-nsswitch-conf
mountPath: /etc/nsswitch.conf
subPath: nsswitch.conf
{{- if .Values.params.endpoints.tls.cert_manager }}
- name: tls-ca-crt
mountPath: /etc/ssl/certs/ca-certificates.crt
subPath: ca.crt
{{- else }}
- name: tls-ca-crt
mountPath: /etc/ssl/certs/
{{- end }}
- name: tls-crt
mountPath: /var/run/secrets/airshipit.org/tls/crt/
- name: tls-key
mountPath: /var/run/secrets/airshipit.org/tls/key/
volumes:
- name: config-dex-yaml
configMap:
name: {{ template "helpers.labels.fullname" . }}
items:
- key: dex.yaml
path: dex.yaml
- name: config-nginx-conf
configMap:
name: {{ template "helpers.labels.fullname" . }}
items:
- key: nginx.conf
path: nginx.conf
- name: config-nsswitch-conf
configMap:
name: {{ template "helpers.labels.fullname" . }}
items:
- key: nsswitch.conf
path: nsswitch.conf
- name: config-authenticator-yaml
configMap:
name: {{ template "helpers.labels.fullname" . }}
items:
- key: authenticator.yaml
path: authenticator.yaml
{{- if .Values.params.endpoints.tls.cert_manager }}
- name: tls-ca-crt
secret:
secretName: {{ template "helpers.labels.fullname" . }}-tls
items:
- key: ca.crt
path: ca.crt
- name: tls-crt
secret:
secretName: {{ template "helpers.labels.fullname" . }}-tls
items:
- key: tls.crt
path: tls.crt
- name: tls-key
secret:
secretName: {{ template "helpers.labels.fullname" . }}-tls
items:
- key: tls.key
path: tls.key
{{- else }}
- name: tls-ca-crt
emptyDir: {}
- name: tls-crt
emptyDir: {}
- name: tls-key
emptyDir: {}
- name: host-etc-kubernetes-pki
hostPath:
path: /etc/kubernetes/pki/
type: DirectoryOrCreate
{{- end }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Deployment-dex" ) }}

24
charts/dex-aio/templates/Role-dex.yaml Normal file
View File

@ -0,0 +1,24 @@
{{- define "Role-dex" -}}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
rules:
- apiGroups:
- dex.coreos.com
resources:
- authcodes
- authrequests
- connectors
- oauth2clients
- offlinesessionses
- passwords
- refreshtokens
- signingkeies
verbs:
- "*"
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Role-dex" ) }}

19
charts/dex-aio/templates/RoleBinding-dex.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- define "RoleBinding-dex" -}}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "helpers.labels.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "helpers.labels.fullname" . }}
namespace: {{ .Release.Namespace }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "RoleBinding-dex" ) }}

12
charts/dex-aio/templates/Secret-dex.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- define "Secret-dex" -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
data:
ldap-bindpw: "{{ b64enc ( .Values.params.ldap.bind_password ) }}"
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-dex" ) }}

24
charts/dex-aio/templates/Service-dex.yaml Normal file
View File

@ -0,0 +1,24 @@
{{- define "Service-dex" -}}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
spec:
type: NodePort
ports:
- name: http
targetPort: http
port: {{ .Values.params.endpoints.port.http }}
nodePort: {{ .Values.params.endpoints.port.http }}
protocol: TCP
- name: https
targetPort: https
port: {{ .Values.params.endpoints.port.https }}
nodePort: {{ .Values.params.endpoints.port.https }}
protocol: TCP
selector: {{- include "helpers.labels.matchLabels" . | nindent 4 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Service-dex" ) }}

10
charts/dex-aio/templates/ServiceAccount-dex.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- define "ServiceAccount-dex" -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "helpers.labels.fullname" . }}
labels: {{- include "helpers.labels.labels" . | nindent 4 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ServiceAccount-dex" ) }}

28
charts/dex-aio/templates/helpers/_config.tpl Normal file
View File

@ -0,0 +1,28 @@
{{- define "helpers.config.renderer" -}}
{{- $Global := index . "Global" -}}
{{- $key := index . "key" -}}
{{- $local := dict -}}
{{- $_ := set $local "templateRaw" ( index $Global.Values.config $key ) -}}
{{- with $Global -}}
{{- if not (kindIs "string" $local.templateRaw) -}}
{{- $_ := set $local "template" ( toString ( toPrettyJson ( $local.templateRaw ) ) ) -}}
{{- $_ := set $local "render" ( toString ( toYaml ( fromJson ( tpl $local.template . ) ) ) ) -}}
{{- else -}}
{{- $_ := set $local "template" $local.templateRaw -}}
{{- $_ := set $local "render" ( tpl $local.template . ) -}}
{{- end }}
{{ printf "%s: |" $key }}
{{ $local.render | indent 2 }}
{{- end -}}
{{- end -}}
{{- define "helpers.config.hash" -}}
{{- $name := index . "TemplateName" -}}
{{- $context := index . "Global" -}}
{{- $last := base $context.Template.Name }}
{{- $wtf := $context.Template.Name | replace $last $name -}}
{{- include $wtf $context | sha256sum | quote -}}
{{- end -}}

49
charts/dex-aio/templates/helpers/_labels.tpl Normal file
View File

@ -0,0 +1,49 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "helpers.labels.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "helpers.labels.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "helpers.labels.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Labels to use on {deploy|sts}.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "helpers.labels.matchLabels" -}}
app.kubernetes.io/name: {{ include "helpers.labels.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "helpers.labels.labels" -}}
{{ include "helpers.labels.matchLabels" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "helpers.labels.chart" . }}
{{- end -}}

22
charts/dex-aio/templates/helpers/_pod.tpl Normal file
View File

@ -0,0 +1,22 @@
{{- define "helpers.pod.container.image" -}}
{{- $Global := index . "Global" -}}
{{- $Application := index . "Application" -}}
{{- with index $.Global.Values.images.applications $Application -}}
{{- printf "%s/%s:%s" .repo .name ( .tag | toString ) | quote -}}
{{- end -}}
{{- end -}}
{{- define "helpers.pod.node_selector" -}}
{{- $Global := index . "Global" -}}
{{- $Application := index . "Application" -}}
{{- with index $.Global.Values.node_labels $Application -}}
{{ if kindIs "slice" . }}
{{ range $k, $item := . }}
{{ $item.key }}: {{ $item.value | quote }}
{{ end }}
{{ else }}
{{ .key }}: {{ .value | quote }}
{{ end }}
{{- end }}
{{- end }}

117
charts/dex-aio/templates/helpers/_template.tpl Normal file
View File

@ -0,0 +1,117 @@
{{- define "helpers.template.overlay" -}}
{{- $local := dict -}}
{{/*
By default we merge lists with a 'name' key's values
*/}}
{{- $_ := set $local "merge_same_named" true -}}
{{- if kindIs "map" $ -}}
{{- if hasKey $ "merge_same_named" -}}
{{- $_ := set $local "merge_same_named" $.merge_same_named -}}
{{- end -}}
{{- end -}}
{{- $_ := set $local "input" ( fromYaml ( toString ( include $.template_definition $.Global ) ) ) -}}
{{- $target := dict -}}
{{ $overlay_keys := regexSplit "-+" ( trimSuffix ".yaml" ( lower ( base $.Global.Template.Name ) ) ) 2 }}
{{- $_ := set $local "overlay" dict -}}
{{- if hasKey $.Global.Values.over_rides ( index $overlay_keys 0 ) -}}
{{- if hasKey ( index $.Global.Values.over_rides ( index $overlay_keys 0 ) ) ( index $overlay_keys 1 ) -}}
{{- $_ := set $local "overlay" ( index $.Global.Values.over_rides ( index $overlay_keys 0 ) ( index $overlay_keys 1 ) ) -}}
{{ end }}
{{ end }}
{{- range $item := tuple $local.input $local.overlay -}}
{{- $call := dict "target" $target "source" . "merge_same_named" $local.merge_same_named -}}
{{- $_ := include "helpers._merge" $call -}}
{{- $_ := set $local "result" $call.result -}}
{{- end -}}
{{- if kindIs "map" $ -}}
{{- $_ := set $ "result" $local.result -}}
{{- end -}}
{{ $target | toYaml }}
{{- end -}}
{{- define "helpers._merge" -}}
{{- $local := dict -}}
{{- $_ := set $ "result" $.source -}}
{{/*
TODO: Should we `fail` when trying to merge a collection (map or slice) with
either a different kind of collection or a scalar?
*/}}
{{- if and (kindIs "map" $.target) (kindIs "map" $.source) -}}
{{- range $key, $sourceValue := $.source -}}
{{- if not (hasKey $.target $key) -}}
{{- $_ := set $local "newTargetValue" $sourceValue -}}
{{- if kindIs "map" $sourceValue -}}
{{- $copy := dict -}}
{{- $call := dict "target" $copy "source" $sourceValue -}}
{{- $_ := include "helpers._merge.shallow" $call -}}
{{- $_ := set $local "newTargetValue" $copy -}}
{{- end -}}
{{- else -}}
{{- $targetValue := index $.target $key -}}
{{- $call := dict "target" $targetValue "source" $sourceValue "merge_same_named" $.merge_same_named -}}
{{- $_ := include "helpers._merge" $call -}}
{{- $_ := set $local "newTargetValue" $call.result -}}
{{- end -}}
{{- $_ := set $.target $key $local.newTargetValue -}}
{{- end -}}
{{- $_ := set $ "result" $.target -}}
{{- else if and (kindIs "slice" $.target) (kindIs "slice" $.source) -}}
{{- $call := dict "target" $.target "source" $.source -}}
{{- $_ := include "helpers._merge.append_slice" $call -}}
{{- if $.merge_same_named -}}
{{- $_ := set $local "result" list -}}
{{- $_ := set $local "named_items" dict -}}
{{- range $item := $call.result -}}
{{- $_ := set $local "has_name_key" false -}}
{{- if kindIs "map" $item -}}
{{- if hasKey $item "name" -}}
{{- $_ := set $local "has_name_key" true -}}
{{- end -}}
{{- end -}}
{{- if $local.has_name_key -}}
{{- if hasKey $local.named_items $item.name -}}
{{- $named_item := index $local.named_items $item.name -}}
{{- $call := dict "target" $named_item "source" $item "merge_same_named" $.merge_same_named -}}
{{- $_ := include "helpers._merge" $call -}}
{{- else -}}
{{- $copy := dict -}}
{{- $copy_call := dict "target" $copy "source" $item -}}
{{- $_ := include "helpers._merge.shallow" $copy_call -}}
{{- $_ := set $local.named_items $item.name $copy -}}
{{- $_ := set $local "result" (append $local.result $copy) -}}
{{- end -}}
{{- else -}}
{{- $_ := set $local "result" (append $local.result $item) -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- $_ := set $local "result" $call.result -}}
{{- end -}}
{{- $_ := set $ "result" (uniq $local.result) -}}
{{- end -}}
{{- end -}}
{{- define "helpers._merge.shallow" -}}
{{- range $key, $value := $.source -}}
{{- $_ := set $.target $key $value -}}
{{- end -}}
{{- end -}}
{{- define "helpers._merge.append_slice" -}}
{{- $local := dict -}}
{{- $_ := set $local "result" $.target -}}
{{- range $value := $.source -}}
{{- $_ := set $local "result" (append $local.result $value) -}}
{{- end -}}
{{- $_ := set $ "result" $local.result -}}
{{- end -}}

93
charts/dex-aio/values.schema.json Normal file
View File

@ -0,0 +1,93 @@
{
"$id": "https://example.com/arrays.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"description": "A helm charts image references",
"type": "object",
"properties": {
"images": {
"type": "object",
"additionalProperties": false,
"required": [
"applications",
"pull"
],
"properties": {
"applications": {
"type": "object",
"additionalProperties": {
"type": "object",
"required": [
"tag",
"name",
"repo"
],
"additionalProperties": false,
"properties": {
"tag": {
"anyOf": [
{
"type": "object"
},
{
"type": "string"
}
],
"description": "The image tag."
},
"name": {
"type": "string",
"description": "The image name."
},
"repo": {
"type": "string",
"description": "The image repo."
}
}
}
},
"pull": {
"type": "object",
"additionalProperties": false,
"required": [
"policy"
],
"properties": {
"policy": {
"type": "string",
"enum": [
"Always",
"IfNotPresent",
"Never"
]
}
}
}
}
},
"config": {
"type": "object",
"additionalProperties": {
"anyOf": [
{
"type": "object"
},
{
"type": "string"
}
]
}
},
"params": {
"type": "object",
"additionalProperties": {
"type": "object"
}
},
"over_rides": {
"type": "object",
"additionalProperties": {
"type": "object"
}
}
}
}

189
charts/dex-aio/values.yaml Normal file
View File

File diff suppressed because one or more lines are too long