{{/* vim: set filetype=mustache: */}}
{{/*
Chart name used in resource names and labels.
Resolves to .Values.nameOverride when it is set and to .Chart.Name otherwise,
cut to 63 characters with one trailing "-" removed.
*/}}
{{- define "ingress-nginx.name" -}}
{{- .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Value of the helm.sh/chart label: "<chart name>-<chart version>".
"+" is replaced by "_", then the result is cut to 63 characters and one
trailing "-" is removed.
*/}}
{{- define "ingress-nginx.chart" -}}
{{- $nameAndVersion := printf "%s-%s" .Chart.Name .Chart.Version -}}
{{- $nameAndVersion | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Default fully qualified app name.

Resolution order:
  1. .Values.fullnameOverride, when set.
  2. The release name alone, when it already contains the chart name
     (or .Values.nameOverride).
  3. "<release name>-<chart name or nameOverride>".

Every result is cut to 63 characters because some Kubernetes name fields are
limited to this (by the DNS naming spec), and one trailing "-" is removed.
*/}}
{{- define "ingress-nginx.fullname" -}}
{{- with .Values.fullnameOverride -}}
{{- . | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $chartName := .Values.nameOverride | default .Chart.Name -}}
{{- $qualified := .Release.Name -}}
{{- if not (contains $chartName .Release.Name) -}}
{{- $qualified = printf "%s-%s" .Release.Name $chartName -}}
{{- end -}}
{{- $qualified | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Namespace the chart's resources are rendered into.
Uses .Values.namespaceOverride when set (for multi-namespace deployments in
combined charts) and .Release.Namespace otherwise, cut to 63 characters with
one trailing "-" removed.
*/}}
{{- define "ingress-nginx.namespace" -}}
{{- .Values.namespaceOverride | default .Release.Namespace | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Controller container security context.

When .Values.controller.containerSecurityContext is set it is rendered verbatim
with toYaml and replaces every default below, so an override has to restate any
hardening it wants to keep (non-root user, dropped capabilities, read-only root
filesystem).

Otherwise the context is assembled from the controller.image values:
  - runAsNonRoot, runAsUser, runAsGroup and readOnlyRootFilesystem are copied
    from the values as given.
  - allowPrivilegeEscalation is the "or" of image.allowPrivilegeEscalation and
    image.chroot, so enabling chroot turns it on even when the explicit value
    is false.
  - seccompProfile is emitted only when image.seccompProfile is set.
  - capabilities drop ALL and add back NET_BIND_SERVICE. With image.chroot,
    SYS_CHROOT is added too, and SYS_ADMIN as well when image.seccompProfile
    is set.

NOTE(review): the chroot path therefore widens the container's privileges
(privilege escalation allowed, SYS_CHROOT and possibly SYS_ADMIN). Confirm the
cluster's admission policy permits that before enabling controller.image.chroot.
*/}}
{{- define "ingress-nginx.controller.containerSecurityContext" -}}
{{- if .Values.controller.containerSecurityContext -}}
{{- toYaml .Values.controller.containerSecurityContext -}}
{{- else -}}
runAsNonRoot: {{ .Values.controller.image.runAsNonRoot }}
runAsUser: {{ .Values.controller.image.runAsUser }}
runAsGroup: {{ .Values.controller.image.runAsGroup }}
allowPrivilegeEscalation: {{ or .Values.controller.image.allowPrivilegeEscalation .Values.controller.image.chroot }}
{{- if .Values.controller.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.controller.image.seccompProfile | nindent 2 }}
{{- end }}
capabilities:
  drop:
  - ALL
  add:
  - NET_BIND_SERVICE
  {{- if .Values.controller.image.chroot }}
  {{- if .Values.controller.image.seccompProfile }}
  - SYS_ADMIN
  {{- end }}
  - SYS_CHROOT
  {{- end }}
readOnlyRootFilesystem: {{ .Values.controller.image.readOnlyRootFilesystem }}
{{- end -}}
{{- end -}}
{{/*
Image name for the given image values.
Returns .image, with "-chroot" appended when .chroot is set.
*/}}
{{- define "ingress-nginx.image" -}}
{{- $suffix := "" -}}
{{- if .chroot -}}
{{- $suffix = "-chroot" -}}
{{- end -}}
{{- printf "%s%s" .image $suffix -}}
{{- end -}}
{{/*
Digest suffix for the given image values.
Returns "@<digest>" using .digestChroot when .chroot is set and .digest
otherwise. Returns nothing when the selected digest is empty, in which case
the image reference built by the caller carries no digest pin.
*/}}
{{- define "ingress-nginx.imageDigest" -}}
{{- if not .chroot -}}
{{- with .digest -}}
{{- printf "@%s" . -}}
{{- end -}}
{{- else -}}
{{- with .digestChroot -}}
{{- printf "@%s" . -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Default fully qualified controller name: "<fullname>-<controller.name>".
Cut to 63 characters because some Kubernetes name fields are limited to this
(by the DNS naming spec); one trailing "-" is removed.
*/}}
{{- define "ingress-nginx.controller.fullname" -}}
{{- $appName := include "ingress-nginx.fullname" . -}}
{{- printf "%s-%s" $appName .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Leader election ID for the controller.
Defaults to "<fullname>-leader"; an explicit ID can be supplied through
`.Values.controller.electionID`.
*/}}
{{- define "ingress-nginx.controller.electionID" -}}
{{- $fallback := include "ingress-nginx.fullname" . | printf "%s-leader" -}}
{{- .Values.controller.electionID | default $fallback | print -}}
{{- end -}}
{{/*
Path of the service passed as publish-service.

By convention this is "$(POD_NAMESPACE)/<controller fullname>", matching the
name of the service this chart generates.

An explicit service can be bound instead through
`.Values.controller.publishService.pathOverride`. One trailing "-" is removed
from whichever value is used.
*/}}
{{- define "ingress-nginx.controller.publishServicePath" -}}
{{- $controllerName := include "ingress-nginx.controller.fullname" . -}}
{{- $conventionalPath := printf "%s/%s" "$(POD_NAMESPACE)" $controllerName -}}
{{- .Values.controller.publishService.pathOverride | default $conventionalPath | print | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels.

Emits helm.sh/chart, the selector labels, app.kubernetes.io/version (only when
.Chart.AppVersion is set), app.kubernetes.io/part-of and
app.kubernetes.io/managed-by, followed by .Values.commonLabels rendered with
toYaml when that value is set.

Only the version label is passed through quote; the other values are emitted
as plain scalars.

NOTE(review): commonLabels is appended after the built-in keys, so a key
repeated there would appear twice in the rendered mapping. How the consumer
resolves the duplicate is not visible from this helper.
*/}}
{{- define "ingress-nginx.labels" -}}
helm.sh/chart: {{ include "ingress-nginx.chart" . }}
{{ include "ingress-nginx.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/part-of: {{ template "ingress-nginx.name" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.commonLabels}}
{{ toYaml .Values.commonLabels }}
{{- end }}
{{- end -}}
{{/*
Selector labels.

Emits app.kubernetes.io/name (from the "ingress-nginx.name" helper) and
app.kubernetes.io/instance (the release name) as plain, unquoted scalars.
*/}}
{{- define "ingress-nginx.selectorLabels" -}}
app.kubernetes.io/name: {{ include "ingress-nginx.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Name of the service account the controller runs as.

.Values.serviceAccount.name wins when it is set. Otherwise the name is the
chart fullname when serviceAccount.create is true, and "default" when it is
false.

NOTE(review): with create disabled and no name given, the controller is bound
to the namespace's shared "default" service account. Set serviceAccount.name
to a dedicated account in that case so its permissions stay scoped to the
controller.
*/}}
{{- define "ingress-nginx.serviceAccountName" -}}
{{- $fallback := "default" -}}
{{- if .Values.serviceAccount.create -}}
{{- $fallback = include "ingress-nginx.fullname" . -}}
{{- end -}}
{{- .Values.serviceAccount.name | default $fallback -}}
{{- end -}}
{{/*
Default fully qualified admission webhook name:
"<fullname>-<controller.admissionWebhooks.name>".
Cut to 63 characters because some Kubernetes name fields are limited to this
(by the DNS naming spec); one trailing "-" is removed.
*/}}
{{- define "ingress-nginx.admissionWebhooks.fullname" -}}
{{- $appName := include "ingress-nginx.fullname" . -}}
{{- printf "%s-%s" $appName .Values.controller.admissionWebhooks.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Name of the service account used by the admission webhook patch job.

.Values.controller.admissionWebhooks.patch.serviceAccount.name wins when it is
set. Otherwise the name is the admission webhook fullname when
patch.serviceAccount.create is true, and "default" when it is false.

NOTE(review): with create disabled and no name given, the patch job runs as
the namespace's shared "default" service account. Name a dedicated account in
that case so the job's permissions are not shared with other workloads.
*/}}
{{- define "ingress-nginx.admissionWebhooks.patch.serviceAccountName" -}}
{{- $fallback := "default" -}}
{{- if .Values.controller.admissionWebhooks.patch.serviceAccount.create -}}
{{- $fallback = include "ingress-nginx.admissionWebhooks.fullname" . -}}
{{- end -}}
{{- .Values.controller.admissionWebhooks.patch.serviceAccount.name | default $fallback -}}
{{- end -}}
{{/*
Default fully qualified name of the admission webhook secret creation job:
"<admission webhook fullname>-<createSecretJob.name>".
Cut to 63 characters because some Kubernetes name fields are limited to this
(by the DNS naming spec); one trailing "-" is removed.
*/}}
{{- define "ingress-nginx.admissionWebhooks.createSecretJob.fullname" -}}
{{- $webhookName := include "ingress-nginx.admissionWebhooks.fullname" . -}}
{{- printf "%s-%s" $webhookName .Values.controller.admissionWebhooks.createSecretJob.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Default fully qualified name of the admission webhook patch job:
"<admission webhook fullname>-<patchWebhookJob.name>".
Cut to 63 characters because some Kubernetes name fields are limited to this
(by the DNS naming spec); one trailing "-" is removed.
*/}}
{{- define "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" -}}
{{- $webhookName := include "ingress-nginx.admissionWebhooks.fullname" . -}}
{{- printf "%s-%s" $webhookName .Values.controller.admissionWebhooks.patchWebhookJob.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Default fully qualified default backend name:
"<fullname>-<defaultBackend.name>".
Cut to 63 characters because some Kubernetes name fields are limited to this
(by the DNS naming spec); one trailing "-" is removed.
*/}}
{{- define "ingress-nginx.defaultBackend.fullname" -}}
{{- $appName := include "ingress-nginx.fullname" . -}}
{{- printf "%s-%s" $appName .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Name of the service account the default backend runs as.

.Values.defaultBackend.serviceAccount.name wins when it is set. Otherwise the
name is "<fullname>-backend" when defaultBackend.serviceAccount.create is
true, and the literal "default-backend" when it is false.

NOTE(review): nothing in this helper creates the "default-backend" account, so
with create disabled it presumably has to exist in the namespace already.
Verify against the templates that consume this name.
*/}}
{{- define "ingress-nginx.defaultBackend.serviceAccountName" -}}
{{- $fallback := "default-backend" -}}
{{- if .Values.defaultBackend.serviceAccount.create -}}
{{- $fallback = include "ingress-nginx.fullname" . | printf "%s-backend" -}}
{{- end -}}
{{- .Values.defaultBackend.serviceAccount.name | default $fallback -}}
{{- end -}}
{{/*
Default backend container security context.

When .Values.defaultBackend.containerSecurityContext is set it is rendered
verbatim with toYaml and replaces every default below, so an override has to
restate any hardening it wants to keep.

Otherwise the context is assembled from the defaultBackend.image values:
  - runAsNonRoot, runAsUser, runAsGroup, allowPrivilegeEscalation and
    readOnlyRootFilesystem are copied from the values as given.
  - seccompProfile is emitted only when image.seccompProfile is set.
  - capabilities drop ALL and add nothing back.
*/}}
{{- define "ingress-nginx.defaultBackend.containerSecurityContext" -}}
{{- if .Values.defaultBackend.containerSecurityContext -}}
{{- toYaml .Values.defaultBackend.containerSecurityContext -}}
{{- else -}}
runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
runAsGroup: {{ .Values.defaultBackend.image.runAsGroup }}
allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
{{- if .Values.defaultBackend.image.seccompProfile }}
seccompProfile: {{ toYaml .Values.defaultBackend.image.seccompProfile | nindent 2 }}
{{- end }}
capabilities:
  drop:
  - ALL
readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem }}
{{- end -}}
{{- end -}}
{{/*
Extra modules.

Renders one list item for an extra module from the context passed in, which is
read for name, image, containerSecurityContext and resources.
  - image is image.repository when set, otherwise image.registry/image.image,
    followed by ":<tag>" and, when image.digest is set, "@<digest>".
  - command is /init_module when image.distroless is set, otherwise
    sh -c /usr/local/bin/init_module.sh.
  - image and command are emitted only when the context has an image.
  - securityContext and resources are emitted only when provided; this helper
    applies no default security context of its own.
  - The "modules" volume is always mounted at /modules_mount.

NOTE(review): without image.digest the reference is tag-only and therefore
mutable; set the digest to pin the module image. A module without
containerSecurityContext gets no securityContext from this helper, so confirm
what the caller or the pod-level context enforces for it.
*/}}
{{- define "extraModules" -}}
- name: {{ .name }}
  {{- with .image }}
  image: {{ if .repository }}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{ end }}:{{ .tag }}{{ if .digest }}@{{ .digest }}{{ end }}
  command:
  {{- if .distroless }}
    - /init_module
  {{- else }}
    - sh
    - -c
    - /usr/local/bin/init_module.sh
  {{- end }}
  {{- end }}
  {{- if .containerSecurityContext }}
  securityContext: {{ toYaml .containerSecurityContext | nindent 4 }}
  {{- end }}
  {{- if .resources }}
  resources: {{ toYaml .resources | nindent 4 }}
  {{- end }}
  volumeMounts:
    - name: modules
      mountPath: /modules_mount
{{- end -}}