Blame - charts/openproject/templates/_helpers.tpl - pcloud

blob: 0a6e284b4c96a7abaf56209f78b6ffbb610c8657 [file] [log] [blame]

gio	c916187	2024-04-21 10:46:35 +0400	[diff] [blame]	1	{{/*
				2	Returns the OpenProject image to be used including the respective registry and image tag.
				3	*/}}
				4	{{- define "openproject.image" -}}
				5	{{ .Values.image.registry }}/{{ .Values.image.repository }}{{ if .Values.image.sha256 }}@sha256:{{ .Values.image.sha256 }}{{ else }}:{{ .Values.image.tag }}{{ end }}
				6	{{- end -}}
				7
				8	{{/*
				9	Returns the OpenProject image pull secrets, if any are defined
				10	*/}}
				11	{{- define "openproject.imagePullSecrets" -}}
				12	{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
				13	imagePullSecrets:
				14	{{- range (coalesce .Values.imagePullSecrets .Values.global.imagePullSecrets) }}
				15	- name: "{{ . }}"
				16	{{- end }}
				17	{{- end }}
				18	{{- end -}}
				19
				20	{{/*
				21	Yields the configured container security context if enabled.
				22
				23	Allows writing to the container file system in development mode
				24	This way the OpenProject container works without mounted tmp volumes
				25	which may not work correctly in local development clusters.
				26	*/}}
				27	{{- define "openproject.containerSecurityContext" }}
				28	{{- if .Values.containerSecurityContext.enabled }}
				29	securityContext:
				30	{{-
				31	mergeOverwrite
				32	(omit .Values.containerSecurityContext "enabled" \| deepCopy)
				33	(dict "readOnlyRootFilesystem" (and
				34	(not .Values.develop)
				35	(get .Values.containerSecurityContext "readOnlyRootFilesystem")
				36	))
				37	\| toYaml
				38	\| nindent 2
				39	}}
				40	{{- end }}
				41	{{- end }}
				42
				43	{{/* Yields the configured pod security context if enabled. */}}
				44	{{- define "openproject.podSecurityContext" }}
				45	{{- if .Values.podSecurityContext.enabled }}
				46	securityContext:
				47	{{ omit .Values.podSecurityContext "enabled" \| toYaml \| nindent 2 \| trim }}
				48	{{- end }}
				49	{{- end }}
				50
				51
				52	{{- define "openproject.useTmpVolumes" -}}
				53	{{- if ne .Values.openproject.useTmpVolumes nil -}}
				54	{{- .Values.openproject.useTmpVolumes -}}
				55	{{- else -}}
				56	{{- (not .Values.develop) -}}
				57	{{- end -}}
				58	{{- end -}}
				59
				60	{{- define "openproject.tmpVolumeMounts" -}}
				61	{{- if eq (include "openproject.useTmpVolumes" .) "true" }}
				62	- mountPath: /tmp
				63	name: tmp
				64	- mountPath: /app/tmp
				65	name: app-tmp
				66	{{- end }}
				67	{{- end -}}
				68
				69	{{- define "openproject.tmpVolumeSpec" -}}
				70	{{- if eq (include "openproject.useTmpVolumes" .) "true" }}
				71	- name: tmp
				72	# we can't use emptyDir due to the sticky bit issue
				73	# see: https://github.com/kubernetes/kubernetes/issues/110835
				74	ephemeral:
				75	volumeClaimTemplate:
				76	spec:
				77	accessModes: ["ReadWriteOnce"]
				78	resources:
				79	requests:
				80	storage: {{ .Values.openproject.tmpVolumesStorage }}
				81	- name: app-tmp
				82	# we can't use emptyDir due to the sticky bit / world writable issue
				83	# see: https://github.com/kubernetes/kubernetes/issues/110835
				84	ephemeral:
				85	volumeClaimTemplate:
				86	spec:
				87	accessModes: ["ReadWriteOnce"]
				88	resources:
				89	requests:
				90	storage: {{ .Values.openproject.tmpVolumesStorage }}
				91	{{- end }}
				92	{{- end -}}
				93
				94	{{- define "openproject.envFrom" -}}
				95	- secretRef:
				96	name: {{ include "common.names.fullname" . }}-core
				97	{{- if .Values.openproject.oidc.enabled }}
				98	- secretRef:
				99	name: {{ include "common.names.fullname" . }}-oidc
				100	{{- end }}
				101	{{- if .Values.s3.enabled }}
				102	- secretRef:
				103	name: {{ include "common.names.fullname" . }}-s3
				104	{{- end }}
				105	{{- if eq .Values.openproject.cache.store "memcache" }}
				106	- secretRef:
				107	name: {{ include "common.names.fullname" . }}-memcached
				108	{{- end }}
				109	{{- if .Values.environment }}
				110	- secretRef:
				111	name: {{ include "common.names.fullname" . }}-environment
				112	{{- end }}
				113	{{- if .Values.openproject.extraEnvVarsSecret }}
				114	- secretRef:
				115	name: {{ .Values.openproject.extraEnvVarsSecret }}
				116	{{- end }}
				117	{{- if .Values.openproject.oidc.extraOidcSealedSecret }}
				118	- secretRef:
				119	name: {{ .Values.openproject.oidc.extraOidcSealedSecret }}
				120	{{- end }}
				121	{{- end }}
				122
				123	{{- define "openproject.env" -}}
				124	{{- if .Values.egress.tls.rootCA.fileName }}
				125	- name: SSL_CERT_FILE
				126	value: "/etc/ssl/certs/custom-ca.pem"
				127	{{- end }}
				128	{{- if .Values.postgresql.auth.existingSecret }}
				129	- name: OPENPROJECT_DB_PASSWORD
				130	valueFrom:
				131	secretKeyRef:
				132	name: {{ .Values.postgresql.auth.existingSecret }}
				133	key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey }}
				134	{{- else if .Values.postgresql.auth.password }}
				135	- name: OPENPROJECT_DB_PASSWORD
				136	value: {{ .Values.postgresql.auth.password }}
				137	{{- else }}
				138	- name: OPENPROJECT_DB_PASSWORD
				139	valueFrom:
				140	secretKeyRef:
				141	name: {{ include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) }}
				142	key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey }}
				143	{{- end }}
				144	{{- end }}
				145
				146	{{- define "openproject.envChecksums" }}
				147	# annotate pods with env value checksums so changes trigger re-deployments
				148	{{/* If I knew how to map and reduce a range in helm I would do that and use a single checksum. But here we are. */}}
				149	{{- range $suffix := list "core" "memcached" "oidc" "s3" "environment" }}
				150	checksum/env-{{ $suffix }}: {{ include (print $.Template.BasePath "/secret_" $suffix ".yaml") $ \| sha256sum }}
				151	{{- end }}
				152	{{- end }}