Merge branch 'master' into annotation-warnings

helm · Jul 4, 2019 · 2f94104 · 2f94104
2 parents cce380f + e81d7f1
commit 2f94104
Show file tree

Hide file tree

Showing 71 changed files with 1,563 additions and 616 deletions.
diff --git a/stable/concourse/CHANGELOG.md b/stable/concourse/CHANGELOG.md
@@ -6,3 +6,7 @@
 # v7.0.0:
 
 - upgraded the PostgreSQL Chart (direct dependency of this Chart) from `0.13.1` to `5.3.8`. As various values (like `postgresUser`) changed (to, for instance, `postgresqlUsername`), a major dump was needed.
+
+# v8.0.0:
+
+- changed the format for worker-only deployments from `concourse.worker.tsa.host` and `concourse.worker.tsa.port` to `concourse.worker.tsa.hosts` to take in an array of parameters.
diff --git a/stable/concourse/Chart.yaml b/stable/concourse/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: concourse
-version: 7.0.3
+version: 8.0.1
 appVersion: 5.3.0
 description: Concourse is a simple and scalable CI system.
 icon: https://avatars1.githubusercontent.com/u/7809479

diff --git a/stable/concourse/templates/_helpers.tpl b/stable/concourse/templates/_helpers.tpl
@@ -52,3 +52,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
     {{- end }}
   {{- end }}
 {{- end }}
+
+
+{{/*
+Creates the address of the TSA service.
+*/}}
+{{- define "concourse.web.tsa.address" -}}
+{{- $port := .Values.concourse.web.tsa.bindPort -}}
+{{- if and (eq "NodePort" .Values.web.service.type) .Values.web.service.tsaNodePort -}}
+  {{- $port = .Values.web.service.tsaNodePort -}}
+{{- end -}}
+{{ template "concourse.web.fullname" . }}:{{- print $port -}}
+{{- end -}}
diff --git a/stable/concourse/templates/required-check.yaml b/stable/concourse/templates/required-check.yaml
@@ -1,3 +1,7 @@
 {{ if not (or .Values.web.enabled .Values.worker.enabled) }}
 {{- required "Must set either web.enabled or worker.enabled to create a concourse deployment" "" }}
 {{ end }}
+
+{{ if and (not .Values.concourse.worker.tsa.hosts) (and (not .Values.web.enabled) (.Values.worker.enabled)) }}
+{{- required "concourse.worker.tsa.hosts must be set in case of worker only deployment" "" }}
+{{ end }}
diff --git a/stable/concourse/templates/worker-statefulset.yaml b/stable/concourse/templates/worker-statefulset.yaml
@@ -173,13 +173,13 @@ spec:
             - name: CONCOURSE_LOG_LEVEL
               value: {{ .Values.concourse.worker.logLevel | quote }}
             {{- end }}
-            {{ if and .Values.worker.enabled (not .Values.web.enabled) }}
+            {{ if not .Values.web.enabled }}
             - name: CONCOURSE_TSA_HOST
-              value: "{{ required "concourse.worker.tsa.host must be set in case of worker only deployment" .Values.concourse.worker.tsa.host }}:{{ .Values.concourse.worker.tsa.port}}"
+              value: "{{- range $i, $tsaHost := .Values.concourse.worker.tsa.hosts }}{{- if $i }},{{ end }}{{- $tsaHost }}{{- end -}}"
             {{ else }}
             - name: CONCOURSE_TSA_HOST
-              value: "{{ template "concourse.web.fullname" . }}:{{ .Values.concourse.worker.tsa.port}}"
-            {{ end }}
+              value: "{{ template "concourse.web.tsa.address" . -}}"
+            {{- end }}
             - name: CONCOURSE_TSA_PUBLIC_KEY
               value: "{{ .Values.worker.keySecretsPath }}/host_key.pub"
             - name: CONCOURSE_TSA_WORKER_PRIVATE_KEY

diff --git a/stable/concourse/values.yaml b/stable/concourse/values.yaml
@@ -1101,13 +1101,15 @@ concourse:
     volumeSweeperMaxInFlight: 5
 
     tsa:
-      ## TSA host to forward the worker through.
-      ##
-      host:
 
-      ## TSA port to forward the worker through.
+      ## TSA host(s) to forward the worker through.
+      ## Only used for worker-only deployments.
+      ## Example:
+      ## hosts:
+      ##   - 1.1.1.1:2222
+      ##   - 2.2.2.2:2222
       ##
-      port: 2222
+      hosts: []
 
       ## File containing a public key to expect from the TSA.
       ##

diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: external-dns
-version: 1.9.0
-appVersion: 0.5.14
+version: 2.0.2
+appVersion: 0.5.15
 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.
 keywords:
 - external-dns
@@ -10,7 +10,9 @@ keywords:
 home: https://github.com/kubernetes-incubator/external-dns
 sources:
 - https://github.com/kubernetes-incubator/external-dns
+- https://github.com/bitnami/bitnami-docker-external-dns
 maintainers:
 - name: Bitnami
   email: [email protected]
 engine: gotpl
+icon: https://bitnami.com/assets/stacks/external-dns/img/external-dns-stack-110x117.png
diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md
diff --git a/stable/external-dns/templates/NOTES.txt b/stable/external-dns/templates/NOTES.txt
@@ -1,3 +1,8 @@
+** Please be patient while the chart is being deployed **
+
 To verify that external-dns has started, run:
 
-  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "external-dns.name" . }},release={{ .Release.Name }}"
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app.kubernetes.io/name={{ template "external-dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
+
+{{ include "external-dns.validateValues" . }}
+{{ include "external-dns.checkRollingTags" . }}
diff --git a/stable/external-dns/templates/_helpers.tpl b/stable/external-dns/templates/_helpers.tpl
@@ -24,28 +24,201 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
-{{/* Generate basic labels */}}
-{{- define "external-dns.labels" }}
-app: {{ template "external-dns.name" . }}
-heritage: {{.Release.Service }}
-release: {{.Release.Name }}
-{{- if .Values.podLabels }}
-{{ toYaml .Values.podLabels }}
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "external-dns.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Helm required labels */}}
+{{- define "external-dns.labels" -}}
+app.kubernetes.io/name: {{ template "external-dns.name" . }}
+helm.sh/chart: {{ template "external-dns.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/* matchLabels */}}
+{{- define "external-dns.matchLabels" -}}
+app.kubernetes.io/name: {{ template "external-dns.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/* podAnnotations */}}
+{{- define "external-dns.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{- toYaml .Values.podAnnotations }}
 {{- end }}
+{{- if .Values.metrics.podAnnotations }}
+{{- toYaml .Values.metrics.podAnnotations }}
 {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper External DNS image name
+*/}}
+{{- define "external-dns.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+    {{- if .Values.global.imageRegistry }}
+        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+    {{- else -}}
+        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+    {{- end -}}
+{{- else -}}
+    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "external-dns.imagePullSecrets" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+Also, we can not use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- else if .Values.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- else if .Values.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end -}}
+{{- end -}}
 
 {{- define "external-dns.aws-credentials" }}
 [default]
-aws_access_key_id = {{ .Values.aws.accessKey }}
-aws_secret_access_key = {{ .Values.aws.secretKey }}
+aws_access_key_id = {{ .Values.aws.credentials.accessKey }}
+aws_secret_access_key = {{ .Values.aws.credentials.secretKey }}
 {{ end }}
 
-
 {{- define "external-dns.aws-config" }}
 [profile default]
-{{- if .Values.aws.roleArn }}
-role_arn = {{ .Values.aws.roleArn }}
-{{- end }}
+role_arn = {{ .Values.aws.assumeRoleArn }}
 region = {{ .Values.aws.region }}
 source_profile = default
 {{ end }}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "external-dns.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "external-dns.validateValues.provider" .) -}}
+{{- $messages := append $messages (include "external-dns.validateValues.sources" .) -}}
+{{- $messages := append $messages (include "external-dns.validateValues.aws" .) -}}
+{{- $messages := append $messages (include "external-dns.validateValues.google" .) -}}
+{{- $messages := append $messages (include "external-dns.validateValues.infoblox.gridHost" .) -}}
+{{- $messages := append $messages (include "external-dns.validateValues.infoblox.wapiPassword" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of External DNS:
+- must set a provider
+*/}}
+{{- define "external-dns.validateValues.provider" -}}
+{{- if not .Values.provider -}}
+external-dns: provider
+    You must set a provider (options: aws, google, azure, cloudflare, ...)
+    Please set the provider parameter (--set provider="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of External DNS:
+- must provide sources to be observed for new DNS entries by ExternalDNS
+*/}}
+{{- define "external-dns.validateValues.sources" -}}
+{{- if empty .Values.sources -}}
+external-dns: sources
+    You must provide sources to be observed for new DNS entries by ExternalDNS
+    Please set the sources parameter (--set sources="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of External DNS:
+- The AWS Role to assume must follow ARN format when provider is "aws"
+*/}}
+{{- define "external-dns.validateValues.aws" -}}
+{{- if and (eq .Values.provider "aws") .Values.aws.assumeRoleArn -}}
+{{- if not (regexMatch "^arn:aws:iam::.*$" .Values.aws.assumeRoleArn) -}}
+external-dns: aws.assumeRoleArn
+    The AWS Role to assume must follow ARN format: `arn:aws:iam::123455567:role/external-dns`
+    Ref: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    Please set a valid ARN (--set aws.assumeRoleARN="xxxx")
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of External DNS:
+- must provide a service account key when provider is "google"
+*/}}
+{{- define "external-dns.validateValues.google" -}}
+{{- if and (eq .Values.provider "google") (not .Values.google.serviceAccountSecret) (not .Values.google.serviceAccountKey) -}}
+external-dns: google.serviceAccountKey google.serviceAccountSecret
+    You must provide the service account key when provider="google".
+    Please set the service account key (--set google.serviceAccountKey="xxxx")
+    or reuse an existing secret (--set google.serviceAccountSecret="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of External DNS:
+- must provide the Grid Manager host when provider is "infoblox"
+*/}}
+{{- define "external-dns.validateValues.infoblox.gridHost" -}}
+{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.gridHost) -}}
+external-dns: infoblox.gridHost
+    You must provide the the Grid Manager host when provider="infoblox".
+    Please set the gridHost parameter (--set infoblox.gridHost="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of External DNS:
+- must provide a WAPI password when provider is "infoblox"
+*/}}
+{{- define "external-dns.validateValues.infoblox.wapiPassword" -}}
+{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.wapiPassword) -}}
+external-dns: infoblox.wapiPassword
+    You must provide a WAPI password when provider="infoblox".
+    Please set the wapiPassword parameter (--set infoblox.wapiPassword="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/* Check if there are rolling tags in the images */}}
+{{- define "external-dns.checkRollingTags" -}}
+{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
+{{- end }}
+{{- end -}}