[skip ci] repo-sync

Author: loft-bot

chart/Chart.yaml

@@ -32,4 +32,4 @@ maintainers:
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 
-version: 
+version: v4.8.0-alpha.4

chart/templates/_helpers.tpl

@@ -27,17 +27,56 @@ Default image name for a given product
 {{- printf "ghcr.io/loft-sh/loft:%s" .Chart.Version -}}
 {{- end -}}
 
+{{/*
+Populate image ref for a given product
+*/}}
+{{- define "loft.imageRef" -}}
+{{- $registry := default "ghcr.io" .Values.imageRef.registry -}}
+{{- $repository := coalesce .Values.imageRef.repository .repo "loft-sh/vcluster-platform" -}}
+{{- $tag := default .Chart.Version .Values.imageRef.tag -}}
+{{- printf "%s/%s:%s" $registry $repository $tag -}}
+{{- end -}}
+
 {{- define "loft.image" -}}
   {{- if .Values.product -}}
     {{- if eq .Values.product "vcluster-pro" -}}
-      {{- printf "ghcr.io/loft-sh/vcluster-platform:%s" .Chart.Version -}}
-    {{- else if eq .Values.product "devpod-pro" -}}
-      {{- printf "ghcr.io/loft-sh/devpod-pro:%s" .Chart.Version -}}
+	  {{- if .Values.imageRef -}}
+	    {{ include "loft.imageRef" $ }}
+	  {{- else -}}
+		{{- printf "ghcr.io/loft-sh/vcluster-platform:%s" .Chart.Version -}}
+	  {{- end -}}
     {{- else -}}
-      {{ include "loft.defaultImage" . }}
+	  {{- if .Values.imageRef -}}
+	    {{ include "loft.imageRef" (merge (dict "repo" "loft-sh/loft") $) }}
+	  {{- else -}}
+        {{ coalesce .Values.image (include "loft.defaultImage" .) }}
+	  {{- end -}}
     {{- end -}}
   {{- else -}}
-    {{ include "loft.defaultImage" . }}
+	{{- if .Values.imageRef -}}
+	  {{ include "loft.imageRef" (merge (dict "repo" "loft-sh/loft") $) }}
+	{{- else -}}
+      {{ coalesce .Values.image (include "loft.defaultImage" .) }}
+	{{- end -}}
+  {{- end -}}
+{{- end -}}
+
+
+{{/*
+Populate audit image ref
+*/}}
+{{- define "loft.auditImageRef" -}}
+{{- $registry := default "docker.io" .Values.audit.imageRef.registry -}}
+{{- $repository := default "library/alpine" .Values.audit.imageRef.repository -}}
+{{- $tag := default "3.13.1" .Values.audit.imageRef.tag -}}
+{{- printf "%s/%s:%s" $registry $repository $tag -}}
+{{- end -}}
+
+{{- define "loft.auditImage" -}}
+  {{- if .Values.audit.imageRef -}}
+    {{ include "loft.auditImageRef" . }}
+  {{- else -}}
+    {{ default "library/alpine:3.13.1" .Values.audit.image }}
   {{- end -}}
 {{- end -}}
 

chart/templates/application.yaml

@@ -0,0 +1,51 @@
+{{- if (dig "gcpMarketplace" "enabled" false (.Values|merge (dict) )) }}
+apiVersion: app.k8s.io/v1beta1
+kind: Application
+metadata:
+  name: "{{ .Release.Name }}"
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    app.kubernetes.io/name: "{{ .Release.Name }}"
+  annotations:
+    marketplace.cloud.google.com/deploy-info: '{"partner_id": "bji0uLnnv1", "product_id": "vcluster", "partner_name": "vCluster Labs"}'
+spec:
+  descriptor:
+    type: vClusterPlatform
+    version: {{ .Chart.Version }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "{{ .Release.Name }}"
+  addOwnerRef: true
+  componentKinds:
+    # Core
+    - group: ""
+      kind: Service
+    - group: ""
+      kind: ServiceAccount
+    - group: ""
+      kind: ConfigMap
+    - group: ""
+      kind: Secret
+    - group: policy
+      kind: PodDisruptionBudget
+    # Workloads
+    - group: apps
+      kind: Deployment
+    # Networking
+    - group: networking.k8s.io
+      kind: Ingress
+    # RBAC
+    - group: rbac.authorization.k8s.io
+      kind: Role
+    - group: rbac.authorization.k8s.io
+      kind: RoleBinding
+    - group: rbac.authorization.k8s.io
+      kind: ClusterRole
+    - group: rbac.authorization.k8s.io
+      kind: ClusterRoleBinding
+    # Admission webhooks used by the chart
+    - group: admissionregistration.k8s.io
+      kind: MutatingWebhookConfiguration
+    - group: admissionregistration.k8s.io
+      kind: ValidatingWebhookConfiguration
+{{- end }}

chart/templates/deployment.yaml

@@ -1,3 +1,9 @@
+{{- if and .Values.multiRegion.enabled (eq .Values.multiRegion.dataSource "") -}}
+  {{ fail "multiRegion.dataSource must be set when multiRegion.enabled is true" }}
+{{- end }}
+{{- if and .Values.multiRegion.enabled (eq .Values.multiRegion.host "") -}}
+  {{ fail "multiRegion.host must be set when multiRegion.enabled is true" }}
+{{- end }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -55,7 +61,7 @@ spec:
         - name: loft-data
           emptyDir: {}
       {{- end }}
-      {{- if .Values.additionalCA }}
+      {{- if and .Values.additionalCA (not .Values.insecureSkipVerify) }}
         - name: loft-additional-ca
           secret:
             secretName: loft-additional-ca
@@ -65,7 +71,10 @@ spec:
         {{- if .Values.agentOnly }}
         command: ["loft", "agent"]
         {{- end }}
-        image: {{ default (include "loft.image" .) .Values.image }}
+        image: {{ include "loft.image" . }}
+        {{- if .Values.imagePullPolicy }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        {{- end }}
         ports:
           - name: http
             containerPort: 8080
@@ -98,19 +107,35 @@ spec:
         {{- end }}
         {{- end }}
         env:
+        {{- if not .Values.admin.create }}
+        - name: ADMIN_SKIP_CREATE
+          value: "true"
+        {{- end }}
         - name: ADMIN_EMAIL
           value: {{ .Values.admin.email | quote }}
         - name: CHART_VERSION
           value: {{ .Chart.Version }}
         {{- if .Values.admin.password }}
+        {{- if hasPrefix "$" .Values.admin.password }}
+        - name: ADMIN_PASSWORD_ENV
+          value: {{ .Values.admin.password }}
+        {{- else }}
         - name: ADMIN_PASSWORD_HASH
           value: {{ .Values.admin.password | sha256sum | quote }}
         {{- end }}
+        {{- end }}
+        {{- if .Values.admin.username }}
+        - name: ADMIN_USERNAME
+          value: {{ .Values.admin.username | quote }}
+        {{- end }}
         {{- if (gt (int .Values.replicaCount) 1) }}
         {{- if not (and .Values.env .Values.env.LEADER_ELECTION_ENABLED) }}
         - name: LEADER_ELECTION_ENABLED
           value: "true"
         {{- end }}
+        {{- else if .Values.multiRegion.enabled }}
+        - name: LEADER_ELECTION_ENABLED
+          value: "true"
         {{- end }}
         {{- range $key, $value := .Values.envValueFrom }}
         - name: {{ $key | quote }}
@@ -141,6 +166,36 @@ spec:
         - name: TS_DEBUG_TLS_DIAL_INSECURE_SKIP_VERIFY
           value: "true"
         {{- end }}
+        {{- if not (hasKey .Values.env "LOFT_MANAGER_IMAGE") }}
+        - name: LOFT_MANAGER_IMAGE
+          value: {{ include "loft.image" . | quote }}
+        {{- end }}
+        {{- if .Values.multiRegion.enabled }}
+        {{- if .Values.config.loftHost }}
+        - name: LOFT_HOST
+          value: {{ .Values.config.loftHost | quote }}
+        {{- end }}
+        - name: LOFT_MULTI_REGION_PLATFORM
+          value: "true"
+        - name: LOFT_MULTI_REGION_PLATFORM_HOST
+          value: {{ .Values.multiRegion.host | quote }}
+        - name: LOFT_EMBEDDED_K8S
+          value: "true"
+        - name: LOFT_EMBEDDED_K8S_DATA_SOURCE
+          value: {{ .Values.multiRegion.dataSource | quote }}
+        {{- if .Values.multiRegion.dataSourceIdentityProvider }}
+        - name: LOFT_EMBEDDED_K8S_DATA_SOURCE_IDENTITY_PROVIDER
+          value: {{ .Values.multiRegion.dataSourceIdentityProvider | quote }}
+        {{- end }}
+        {{- if (gt (int .Values.multiRegion.dataSourceMaxConnections) 1) }}
+        - name: LOFT_EMBEDDED_K8S_MAX_DATABASE_CONNECTIONS
+          value: {{ .Values.multiRegion.dataSourceMaxConnections | quote }}
+        {{- end }}
+        {{- if (gt (int .Values.multiRegion.dataSourceMaxIdleConnections) 1) }}
+        - name: LOFT_EMBEDDED_K8S_MAX_IDLE_CONNECTIONS
+          value: {{ .Values.multiRegion.dataSourceMaxIdleConnections | quote }}
+        {{- end }}
+        {{- end }}
         {{- range $key, $value := .Values.env }}
         - name: {{ $key | quote }}
           value: {{ $value | quote }}
@@ -151,7 +206,7 @@ spec:
         {{- end }}
           - mountPath: /var/lib/loft
             name: loft-data
-        {{- if .Values.additionalCA }}
+        {{- if and .Values.additionalCA (not .Values.insecureSkipVerify) }}
           - name: loft-additional-ca
             mountPath: /etc/ssl/certs/loft-additional-ca.crt
             readOnly: true
@@ -164,25 +219,60 @@ spec:
       {{- if .Values.audit }}
       {{- if .Values.audit.enableSideCar }}
       - name: audit
-        image: "{{ .Values.audit.image }}"
+        image: {{ include "loft.auditImage" . }}
         command: ["sh"]
         args: ["-c", "touch /var/lib/loft/audit.log && tail -F /var/lib/loft/audit.log"]
         volumeMounts:
         - mountPath: /var/lib/loft
           name: loft-data
+        securityContext:
+          {{- toYaml .Values.audit.securityContext | nindent 12 }}
       {{- end }}
       {{- end }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
       {{- end }}
-      {{- if .Values.affinity }}
+
+      {{- $preferredSchedulingTerms := list -}}
+      {{- if and .Values.affinity.nodeAffinity.preferNotToRunOnSpotInstances .Values.affinity.nodeAffinity.preferNotToRunOnSpotInstances.enabled }}
+        {{- range $index, $term := .Values.affinity.nodeAffinity.preferNotToRunOnSpotInstances.terms -}}
+          {{- $preferredSchedulingTerms = append $preferredSchedulingTerms $term -}}
+        {{- end }}
+      {{- end }}
+      {{- range $index, $term := .Values.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution -}}
+        {{- $preferredSchedulingTerms = append $preferredSchedulingTerms $term -}}
+      {{- end }}
+      {{- if  or .Values.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution $preferredSchedulingTerms .Values.affinity.podAffinity .Values.affinity.podAntiAffinity }}
       affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+        {{- if  or .Values.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution $preferredSchedulingTerms }}
+        nodeAffinity:
+          {{- if $preferredSchedulingTerms  }}
+          preferredDuringSchedulingIgnoredDuringExecution:
+{{ toYaml $preferredSchedulingTerms | indent 12 }}
+          {{- end }}
+          {{- if .Values.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution }}
+          requiredDuringSchedulingIgnoredDuringExecution:
+{{ toYaml .Values.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution | indent 12 }}
+          {{- end }}
+        {{- end }}
+        {{- if or .Values.affinity.podAffinity }}
+        podAffinity:
+{{ toYaml .Values.affinity.podAffinity | indent 10 }}
+        {{- end }}
+        {{- if or .Values.affinity.podAntiAffinity }}
+        podAntiAffinity:
+{{ toYaml .Values.affinity.podAntiAffinity | indent 10 }}
+        {{- end }}
       {{- end }}
+
       {{- if .Values.tolerations }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.hostAliases }}
+      hostAliases:
+{{ toYaml .Values.hostAliases | indent 8 }}
       {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}

chart/templates/ingress-wakeup-service.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     app: {{ template "loft.fullname" . }}
-    loft.sh/service: {{ template "loft.fullname" . }}
+    loft.sh/service: {{ template "loft.fullname" . }}-ingress-wakeup-agent
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"

chart/templates/ingress.yaml

@@ -13,8 +13,6 @@ metadata:
       {{- toYaml . | nindent 4 }}
     {{- end }}
   annotations:
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "43200"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "43200"
     nginx.org/websocket-services: loft
     {{- with .Values.ingress.annotations }}
       {{- toYaml . | nindent 4 }}
@@ -27,7 +25,7 @@ spec:
   ingressClassName: {{ .Values.ingress.ingressClass }}
   {{- end }}
   rules:
-    - host: {{ .Values.ingress.host }}
+    - host: {{ .Values.ingress.host | quote }}
       http:
         paths:
           - path: {{ .Values.ingress.path }}
@@ -40,7 +38,7 @@ spec:
   {{- if .Values.ingress.tls.enabled }}
   tls:
     - hosts:
-        - {{ .Values.ingress.host }}
+        - {{ .Values.ingress.host | quote }}
       {{- if .Values.ingress.tls.secret }}
       secretName: {{ .Values.ingress.tls.secret }}
       {{- end }}

chart/templates/secret.yaml

@@ -75,7 +75,7 @@ data:
   url: {{ toYaml .Values.url | b64enc }}
 {{- end }}
 
-{{- if .Values.additionalCA }}
+{{- if and .Values.additionalCA (not .Values.insecureSkipVerify) }}
 ---
 apiVersion: v1
 kind: Secret

chart/tests/application_test.yaml

@@ -0,0 +1,34 @@
+suite: gcpMarketplace Application test
+templates:
+  - templates/application.yaml
+
+tests:
+  - it: does not panic if gcpMarketplace is null and does not render the application
+    set:
+      gcpMarketplace: null
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: does not panic if gcpMarketplace is not set
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: renders application if gcpMarketplace.enabled is true
+    set:
+      gcpMarketplace:
+        enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: Application
+
+  - it: does not render application if gcpMarketplace.enabled is false
+    set:
+      gcpMarketplace:
+        enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0