{{/* vim: set filetype=mustache: */}}
{{/*
Short chart name.
Uses .Values.nameOverride when it is set, otherwise .Chart.Name; the result is
cut to 63 characters and a trailing "-" is removed.
*/}}
{{- define "kyverno.name" -}}
{{- .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Fully qualified app name, limited to 63 characters because some Kubernetes
name fields follow the DNS naming spec.
Resolution order:
  1. .Values.fullnameOverride, when set.
  2. .Release.Name alone, when it already contains the chart name
     (or .Values.nameOverride).
  3. "<release name>-<chart name>" otherwise.
A trailing "-" left by truncation is removed in every case.
*/}}
{{- define "kyverno.fullname" -}}
{{- $base := default .Chart.Name .Values.nameOverride -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else if contains $base .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $base | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Value for the helm.sh/chart label: "<chart name>-<chart version>".
"+" is replaced with "_" before the value is cut to 63 characters and a
trailing "-" is removed.
*/}}
{{- define "kyverno.chart" -}}
{{- $nameVersion := printf "%s-%s" .Chart.Name .Chart.Version -}}
{{- $nameVersion | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
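{{/*
Standard labels applied to the chart's resources.
app.kubernetes.io/version replaces "+" with "_": a chart version carrying
SemVer build metadata contains "+", which is not a valid label-value
character. kyverno.chart applies the same replacement for helm.sh/chart.
.Values.customLabels, when set, is appended verbatim after the standard
labels. A custom key that repeats one of the keys below produces a duplicate
key in the rendered YAML.
NOTE(review): confirm how that duplicate is resolved before relying on it.
*/}}
{{- define "kyverno.labels" -}}
app.kubernetes.io/component: kyverno
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "kyverno.name" . }}
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
app.kubernetes.io/version: "{{ .Chart.Version | replace "+" "_" }}"
helm.sh/chart: {{ template "kyverno.chart" . }}
{{- if .Values.customLabels }}
{{ toYaml .Values.customLabels }}
{{- end }}
{{- end -}}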
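{{/*
Labels for the chart's test resources.
Same keys as kyverno.labels, except that app.kubernetes.io/name carries a
"-test" suffix and .Values.customLabels is not appended. Because the name
label differs, these resources are not matched by kyverno.matchLabels.
app.kubernetes.io/version replaces "+" with "_": "+" (SemVer build metadata)
is not a valid label-value character.
*/}}
{{- define "kyverno.test-labels" -}}
app.kubernetes.io/component: kyverno
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "kyverno.name" . }}-test
app.kubernetes.io/part-of: {{ template "kyverno.name" . }}
app.kubernetes.io/version: "{{ .Chart.Version | replace "+" "_" }}"
helm.sh/chart: {{ template "kyverno.chart" . }}
{{- end -}}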
{{/*
Selector labels: chart name plus release name.
Only these two keys are emitted. The version, chart and custom labels are
left out of the selector.
*/}}
{{- define "kyverno.matchLabels" -}}
app.kubernetes.io/name: {{ include "kyverno.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Name of the Kyverno ConfigMap.
Returns .Values.config.existingConfig when it is set, otherwise the chart's
fully qualified name.
*/}}
{{- define "kyverno.configMapName" -}}
{{- $fallback := include "kyverno.fullname" . -}}
{{- .Values.config.existingConfig | default $fallback | printf "%s" -}}
{{- end -}}
{{/*
Name of the metrics ConfigMap.
Returns .Values.config.existingMetricsConfig when it is set, otherwise
"<fullname>-metrics".
*/}}
{{- define "kyverno.metricsConfigMapName" -}}
{{- $fallback := printf "%s-metrics" (include "kyverno.fullname" .) -}}
{{- .Values.config.existingMetricsConfig | default $fallback | printf "%s" -}}
{{- end -}}
{{/*
Namespace the chart's resources are placed in.
.Values.namespace wins when it is set; otherwise the release namespace is used.
Other helpers in this file (kyverno.resourceFilters, kyverno.webhooks) build
their self-exclusion rules from this value.
*/}}
{{- define "kyverno.namespace" -}}
{{- with .Values.namespace -}}
{{- . -}}
{{- else -}}
{{- $.Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Service name: "<fullname>-svc", cut to 63 characters with a trailing "-"
removed. The "-svc" suffix is appended before truncation.
*/}}
{{- define "kyverno.serviceName" -}}
{{- include "kyverno.fullname" . | printf "%s-svc" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Name of the service account the workload runs as.
.Values.rbac.serviceAccount.name is used whenever it is set. When it is not:
  - with rbac.serviceAccount.create enabled, the chart's fully qualified name
    is used;
  - with it disabled, the literal name "default" is used, i.e. the workload
    runs as the namespace's default service account.
*/}}
{{- define "kyverno.serviceAccountName" -}}
{{- $fallback := "default" -}}
{{- if .Values.rbac.serviceAccount.create -}}
{{- $fallback = include "kyverno.fullname" . -}}
{{- end -}}
{{- default $fallback .Values.rbac.serviceAccount.name -}}
{{- end -}}
{{/*
PodDisruptionBudget spec fields.
Rendering fails when both minAvailable and maxUnavailable are set.
With maxUnavailable set, only maxUnavailable is emitted; otherwise
minAvailable is emitted and falls back to 1 when no value is given.
Because the fallback goes through "default", an explicit minAvailable of 0 is
also rendered as 1.
*/}}
{{- define "podDisruptionBudget.spec" -}}
{{- $pdb := .Values.podDisruptionBudget }}
{{- if and $pdb.minAvailable $pdb.maxUnavailable }}
{{- fail "Cannot set both .Values.podDisruptionBudget.minAvailable and .Values.podDisruptionBudget.maxUnavailable" -}}
{{- end }}
{{- if $pdb.maxUnavailable }}
maxUnavailable: {{ $pdb.maxUnavailable }}
{{- else }}
minAvailable: {{ default 1 $pdb.minAvailable }}
{{- end }}
{{- end }}
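{{/*
Container securityContext taken from .Values.securityContext.
On Kubernetes older than 1.19 the seccompProfile key is dropped from the
rendered context; on 1.19 and later the value is rendered unchanged.
The constraint is written "<1.19-0" rather than "<1.19": a constraint without
a pre-release part does not match versions that carry a suffix (constructed
example: v1.18.20-vendor.1), so such a cluster would take the else branch and
receive seccompProfile anyway.
*/}}
{{- define "kyverno.securityContext" -}}
{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }}
{{ toYaml (omit .Values.securityContext "seccompProfile") }}
{{- else }}
{{ toYaml .Values.securityContext }}
{{- end }}
{{- end }}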
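{{/*
Container securityContext for the chart's test resources, taken from
.Values.testSecurityContext.
On Kubernetes older than 1.19 the seccompProfile key is dropped from the
rendered context; on 1.19 and later the value is rendered unchanged.
The constraint is written "<1.19-0" rather than "<1.19": a constraint without
a pre-release part does not match versions that carry a suffix (constructed
example: v1.18.20-vendor.1), so such a cluster would take the else branch and
receive seccompProfile anyway.
*/}}
{{- define "kyverno.testSecurityContext" -}}
{{- if semverCompare "<1.19-0" .Capabilities.KubeVersion.Version }}
{{ toYaml (omit .Values.testSecurityContext "seccompProfile") }}
{{- else }}
{{ toYaml .Values.testSecurityContext }}
{{- end }}
{{- end }}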
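{{/*
Base64-encoded registry auth document for an image pull secret.
Expects a context with .registry, .username and .password and renders
base64( {"auths":{"<registry>":{"auth":"<base64(username:password)>"}}} ).
The document is built with dict and toJson instead of string formatting, so a
registry value containing a quote or backslash still yields valid JSON.
Both layers are base64 encoding, not encryption: the credentials are
recoverable from the rendered output by anyone who can read it.
*/}}
{{- define "kyverno.imagePullSecret" }}
{{- $auth := printf "%s:%s" .username .password | b64enc }}
{{- dict "auths" (dict .registry (dict "auth" $auth)) | toJson | b64enc }}
{{- end }}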
{{/*
Image reference in the form "[<registry>/]<repository>:<tag>".
Expects a context with .image (registry, repository, tag) and .defaultTag.
Rendering fails when .image.repository is missing. The tag falls back to
.defaultTag when .image.tag is not set.
The reference is always tag-based; this helper has no digest form.
*/}}
{{- define "kyverno.image" -}}
{{- $repo := required "An image repository is required" .image.repository -}}
{{- $tag := default .defaultTag .image.tag -}}
{{- with .image.registry -}}
{{ . }}/
{{- end -}}
{{ $repo }}:{{ $tag }}
{{- end }}
{{/*
Resource filter string for the Kyverno configuration.
Starts from .Values.config.resourceFilters. When
.Values.excludeKyvernoNamespace is set, a "[*,<kyverno namespace>,*]" entry is
put in front of the list. Every entry that contains ",<name>," for a name
listed in .Values.resourceFiltersExcludeNamespaces is then removed, so those
namespaces are no longer filtered out. The match is a plain substring test on
the entry text.
The remaining entries are concatenated and passed through tpl, which means the
filter values are evaluated as templates at render time; whoever can set these
chart values can have template expressions evaluated.
*/}}
{{- define "kyverno.resourceFilters" -}}
{{- $filters := .Values.config.resourceFilters }}
{{- if .Values.excludeKyvernoNamespace }}
{{- $selfFilter := printf "[*,%s,*]" (include "kyverno.namespace" .) }}
{{- $filters = prepend .Values.config.resourceFilters $selfFilter }}
{{- end }}
{{- range $ns := .Values.resourceFiltersExcludeNamespaces }}
{{- $needle := printf ",%s," $ns }}
{{- range $entry := $filters }}
{{- if contains $needle $entry }}
{{- $filters = without $filters $entry }}
{{- end }}
{{- end }}
{{- end }}
{{- tpl (join "" $filters) . }}
{{- end }}
{{/*
Webhook configuration as JSON.
For every entry in .Values.config.webhooks the namespaceSelector is rebuilt:
the entry's matchLabels are kept, and a matchExpression
  kubernetes.io/metadata.name NotIn [<kyverno namespace>]
is appended to its matchExpressions. The effect is that the webhooks do not
select the namespace Kyverno itself runs in, so admission policies are not
applied to resources there.
NOTE(review): the exclusion depends on the namespace carrying the
kubernetes.io/metadata.name label. NotIn also matches namespaces that lack the
key, so confirm the label is present on the target cluster's Kyverno namespace.
*/}}
{{- define "kyverno.webhooks" -}}
{{- $selfExclusion := dict "key" "kubernetes.io/metadata.name" "operator" "NotIn" "values" (list (include "kyverno.namespace" .)) }}
{{- $patched := list }}
{{- range $entry := .Values.config.webhooks }}
{{- $selector := default dict $entry.namespaceSelector }}
{{- $expressions := append (default list $selector.matchExpressions) $selfExclusion }}
{{- $rebuilt := dict "matchLabels" $selector.matchLabels "matchExpressions" $expressions }}
{{- $patched = append $patched (merge (omit $entry "namespaceSelector") (dict "namespaceSelector" $rebuilt)) }}
{{- end }}
{{- toJson $patched }}
{{- end }}
{{/*
Annotations for the chart's CRDs, one "key: value" line per entry of
.Values.crds.annotations. Values are quoted; keys are emitted as given.
*/}}
{{- define "kyverno.crdAnnotations" -}}
{{- range $name, $content := .Values.crds.annotations }}
{{ $name }}: {{ quote $content }}
{{- end }}
{{- end }}