returns true if the specified resource kind (case-insensitive) is represented in the cluster
{{ include "helm_lib_kind_exists" (list . "<kind-name>") }}
list:
- Template context with .Values, .Chart, etc
- Kind name portion
returns current apiVersion string, based on available helm capabilities, for the provided kind (not all kinds are supported)
{{ include "helm_lib_get_api_version_by_kind" (list . "<kind-name>") }}
list:
- Template context with .Values, .Chart, etc
- Kind name portion
Adds cluster-autoscaler.kubernetes.io/enable-ds-eviction
annotation to manage DaemonSet eviction by the Cluster Autoscaler.
This is important to prevent the eviction of DaemonSet pods during cluster scaling.
{{ include "helm_lib_prevent_ds_eviction_annotation" . }}
Adds HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables for a container, depending on proxy settings
{{ include "helm_lib_envs_for_proxy" . }}
- Template context with .Values, .Chart, etc
returns value "yes" if cluster is highly available, otherwise returns "no"
{{ include "helm_lib_is_ha_to_value" (list . yes no) }}
list:
- Template context with .Values, .Chart, etc
- Yes value
- No value
returns empty value, which is treated by go template as false
{{- if (include "helm_lib_ha_enabled" .) }}
- Template context with .Values, .Chart, etc
Renders configmap with the kube-rbac-proxy CA certificate, which is used to verify the kube-rbac-proxy clients.
{{ include "helm_lib_kube_rbac_proxy_ca_certificate" (list . "namespace") }}
list:
- Template context with .Values, .Chart, etc
- Namespace where CA configmap will be created
returns rendered documentation uri using publicDomainTemplate or deckhouse.io domains
{{ include "helm_lib_module_documentation_uri" (list . "<path_to_document>") }}
50Mi for container logs log-opts.max-file * log-opts.max-size
would be added to passed value
returns ephemeral-storage size for logs with extra space
{{ include "helm_lib_module_ephemeral_storage_logs_with_extra" 10 }}
- Extra space in mebibytes
50Mi for container logs log-opts.max-file * log-opts.max-size
would be requested
returns ephemeral-storage size for only logs
{{ include "helm_lib_module_ephemeral_storage_only_logs" . }}
- Template context with .Values, .Chart, etc
returns the commonName parameter for use in the Certificate custom resource (cert-manager)
{{ include "helm_lib_module_generate_common_name" (list . "<name-portion>") }}
list:
- Template context with .Values, .Chart, etc
- Name portion
returns module uri scheme "http" or "https"
{{ include "helm_lib_module_uri_scheme" . }}
- Template context with .Values, .Chart, etc
returns https mode for module
{{ if (include "helm_lib_module_https_mode" .) }}
- Template context with .Values, .Chart, etc
returns cluster issuer name
{{ include "helm_lib_module_https_cert_manager_cluster_issuer_name" . }}
- Template context with .Values, .Chart, etc
returns a non-empty string if TLS should be enabled for ingress
{{ if (include "helm_lib_module_https_ingress_tls_enabled" .) }}
- Template context with .Values, .Chart, etc
Renders secret with custom certificate in passed namespace with passed prefix
{{ include "helm_lib_module_https_copy_custom_certificate" (list . "namespace" "secret_name_prefix") }}
list:
- Template context with .Values, .Chart, etc
- Namespace
- Secret name prefix
returns custom certificate name
{{ include "helm_lib_module_https_secret_name" (list . "secret_name_prefix") }}
list:
- Template context with .Values, .Chart, etc
- Secret name prefix
returns image name
{{ include "helm_lib_module_image" (list . "<container-name>") }}
list:
- Template context with .Values, .Chart, etc
- Container name
returns image name if found
{{ include "helm_lib_module_image_no_fail" (list . "<container-name>") }}
list:
- Template context with .Values, .Chart, etc
- Container name
returns image name from common module
{{ include "helm_lib_module_common_image" (list . "<container-name>") }}
list:
- Template context with .Values, .Chart, etc
- Container name
returns image name from common module if found
{{ include "helm_lib_module_common_image_no_fail" (list . "<container-name>") }}
list:
- Template context with .Values, .Chart, etc
- Container name
returns ingress class from module settings or, if it does not exist there, from global config
{{ include "helm_lib_module_ingress_class" . }}
- Template context with .Values, .Chart, etc
returns initContainer which chowns recursively all files and directories in passed volume
{{ include "helm_lib_module_init_container_chown_nobody_volume" (list . "volume-name") }}
returns initContainer which chowns recursively all files and directories in passed volume
{{ include "helm_lib_module_init_container_chown_deckhouse_volume" (list . "volume-name") }}
returns initContainer which checks the kernel version on the node for compliance to semver constraint
{{ include "helm_lib_module_init_container_check_linux_kernel" (list . ">= 4.9.17") }}
list:
- Template context with .Values, .Chart, etc
- Semver constraint
returns deckhouse labels
{{ include "helm_lib_module_labels" (list . (dict "app" "test" "component" "testing")) }}
list:
- Template context with .Values, .Chart, etc
- Additional labels dict
returns rendered publicDomainTemplate to service fqdn
{{ include "helm_lib_module_public_domain" (list . "<name-portion>") }}
list:
- Template context with .Values, .Chart, etc
- Name portion
returns PodSecurityContext parameters for Pod with custom user and group
{{ include "helm_lib_module_pod_security_context_run_as_user_custom" (list . 1000 1000) }}
list:
- Template context with .Values, .Chart, etc
- User id
- Group id
returns PodSecurityContext parameters for Pod with user and group "nobody"
{{ include "helm_lib_module_pod_security_context_run_as_user_nobody" . }}
- Template context with .Values, .Chart, etc
returns PodSecurityContext parameters for Pod with user and group "nobody" with write access to mounted volumes
{{ include "helm_lib_module_pod_security_context_run_as_user_nobody_with_writable_fs" . }}
- Template context with .Values, .Chart, etc
returns PodSecurityContext parameters for Pod with user and group "deckhouse"
{{ include "helm_lib_module_pod_security_context_run_as_user_deckhouse" . }}
- Template context with .Values, .Chart, etc
returns PodSecurityContext parameters for Pod with user and group "deckhouse" with write access to mounted volumes
{{ include "helm_lib_module_pod_security_context_run_as_user_deckhouse_with_writable_fs" . }}
- Template context with .Values, .Chart, etc
returns SecurityContext parameters for Container with user and group "deckhouse" plus minimal required settings to comply with the Restricted mode of the Pod Security Standards
{{ include "helm_lib_module_container_security_context_run_as_user_deckhouse_pss_restricted" . }}
- Template context with .Values, .Chart, etc
returns PodSecurityContext parameters for Pod with user and group 0
{{ include "helm_lib_module_pod_security_context_run_as_user_root" . }}
- Template context with .Values, .Chart, etc
returns PodSecurityContext parameters for Pod with seccomp profile RuntimeDefault
{{ include "helm_lib_module_pod_security_context_runtime_default" . }}
- Template context with .Values, .Chart, etc
returns SecurityContext parameters for Container with allowPrivilegeEscalation false
{{ include "helm_lib_module_container_security_context_not_allow_privilege_escalation" . }}
returns SecurityContext parameters for Container with read only root filesystem and options for SELinux compatibility
{{ include "helm_lib_module_container_security_context_read_only_root_filesystem_with_selinux" . }}
- Template context with .Values, .Chart, etc
returns SecurityContext parameters for Container with read only root filesystem
{{ include "helm_lib_module_container_security_context_read_only_root_filesystem" . }}
- Template context with .Values, .Chart, etc
returns SecurityContext parameters for Container running privileged
{{ include "helm_lib_module_container_security_context_privileged" . }}
returns SecurityContext parameters for Container running privileged with escalation and sys_admin
{{ include "helm_lib_module_container_security_context_escalated_sys_admin_privileged" . }}
returns SecurityContext parameters for Container running privileged with read only root filesystem
{{ include "helm_lib_module_container_security_context_privileged_read_only_root_filesystem" . }}
- Template context with .Values, .Chart, etc
returns SecurityContext for Container with read only root filesystem and all capabilities dropped
{{ include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all" . }}
- Template context with .Values, .Chart, etc
returns SecurityContext parameters for Container with read only root filesystem, all dropped and some added capabilities
{{ include "helm_lib_module_container_security_context_read_only_root_filesystem_capabilities_drop_all_and_add" (list . (list "KILL" "SYS_PTRACE")) }}
list:
- Template context with .Values, .Chart, etc
- List of capabilities
returns SecurityContext parameters for Container with all dropped and some added capabilities
{{ include "helm_lib_module_container_security_context_capabilities_drop_all_and_add" (list . (list "KILL" "SYS_PTRACE")) }}
list:
- Template context with .Values, .Chart, etc
- List of capabilities
returns SecurityContext parameters for Container with read only root filesystem, all dropped, and custom user ID
{{ include "helm_lib_module_container_security_context_capabilities_drop_all_and_run_as_user_custom" (list . 1000 1000) }}
list:
- Template context with .Values, .Chart, etc
- User id
- Group id
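The security context helpers above range from contexts meant to comply with the Restricted mode of the Pod Security Standards to privileged ones, so rendered manifests are worth checking before they ship. The following is an added example, not code from this library: a simplified Python check of one pod/container securityContext pair against the Restricted profile. The dicts are constructed samples standing in for parsed rendered YAML, not actual helper output, and all names in it are hypothetical.

```python
# Added example (not lib-helm code): check a rendered securityContext against
# the Pod Security Standards "Restricted" profile. Simplified: one container,
# securityContext fields only; container values override pod values.
ALLOWED_ADDED_CAPS = {"NET_BIND_SERVICE"}
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}


def effective(pod_sc, ctr_sc, key):
    """Container-level value wins over the pod-level one when both are set."""
    return ctr_sc.get(key, pod_sc.get(key))


def pss_restricted_violations(pod_sc, ctr_sc):
    """Return Restricted-profile violations; an empty list means compliant."""
    pod_sc, ctr_sc = pod_sc or {}, ctr_sc or {}
    problems = []
    if ctr_sc.get("privileged") is True:
        problems.append("privileged must not be true")
    if ctr_sc.get("allowPrivilegeEscalation") is not False:
        problems.append("allowPrivilegeEscalation must be false")
    caps = ctr_sc.get("capabilities") or {}
    if "ALL" not in (caps.get("drop") or []):
        problems.append("capabilities.drop must include ALL")
    extra = sorted(set(caps.get("add") or []) - ALLOWED_ADDED_CAPS)
    if extra:
        problems.append("capabilities.add not allowed: " + ",".join(extra))
    if effective(pod_sc, ctr_sc, "runAsNonRoot") is not True:
        problems.append("runAsNonRoot must be true")
    if 0 in (pod_sc.get("runAsUser"), ctr_sc.get("runAsUser")):
        problems.append("runAsUser must not be 0")
    seccomp = effective(pod_sc, ctr_sc, "seccompProfile") or {}
    if seccomp.get("type") not in ALLOWED_SECCOMP:
        problems.append("seccompProfile.type must be RuntimeDefault or Localhost")
    return problems


# Constructed samples (assumed shapes, not actual helper output).
POD_NONROOT = {"runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 1000}
POD_ROOT = {"runAsNonRoot": False, "runAsUser": 0, "runAsGroup": 0}
CTR_HARDENED = {
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
    "capabilities": {"drop": ["ALL"]},
    "seccompProfile": {"type": "RuntimeDefault"},
}
CTR_DROP_AND_ADD = dict(CTR_HARDENED, capabilities={"drop": ["ALL"], "add": ["KILL", "SYS_PTRACE"]})
CTR_PRIVILEGED = {"privileged": True}
```

The check does not cover the pod-level rules of the Restricted profile such as volume types or host namespaces.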
returns module StorageClass annotations
{{ include "helm_lib_module_storage_class_annotations" (list $ $index $storageClass.name) }}
list:
- Template context with .Values, .Chart, etc
- Storage class index
- Storage class name
returns all the dashboard-definitions from / current dir is optional; it is used for recursion, but you can use it for partially generating dashboards
{{ include "helm_lib_grafana_dashboard_definitions_recursion" (list . <root dir> [current dir]) }}
list:
- Template context with .Values, .Chart, etc
- Dashboards root dir
- Dashboards current dir
returns dashboard-definitions from monitoring/grafana-dashboards/
{{ include "helm_lib_grafana_dashboard_definitions" . }}
- Template context with .Values, .Chart, etc
renders a single dashboard
{{ include "helm_lib_single_dashboard" (list . "dashboard-name" "folder" $dashboard) }}
list:
- Template context with .Values, .Chart, etc
- Dashboard name
- Folder
- Dashboard definition
returns all the prometheus rules from / current dir is optional; it is used for recursion, but you can use it for partially generating rules
{{ include "helm_lib_prometheus_rules_recursion" (list . <namespace> <root dir> [current dir]) }}
list:
- Template context with .Values, .Chart, etc
- Namespace for creating rules
- Rules root dir
- Current dir (optional)
returns all the prometheus rules from monitoring/prometheus-rules/
{{ include "helm_lib_prometheus_rules" (list . <namespace>) }}
list:
- Template context with .Values, .Chart, etc
- Namespace for creating rules
returns timeout value adjusted to scrape interval /
{{ include "helm_lib_prometheus_target_scrape_timeout_seconds" (list . <timeout>) }}
list:
- Template context with .Values, .Chart, etc
- Target timeout in seconds
Verify node selector strategy.
Returns node selector for workloads depending on strategy.
list:
- Template context with .Values, .Chart, etc
- strategy, one of "frontend" "monitoring" "system" "master" "any-node" "wildcard"
Returns tolerations for workloads depending on strategy.
{{ include "helm_lib_tolerations" (tuple . "any-node" "with-uninitialized" "without-storage-problems") }}
list:
- Template context with .Values, .Chart, etc
- base strategy, one of "frontend" "monitoring" "system" "any-node" "wildcard"
- list of additional strategies. To add a strategy, list it with the prefix "with-"; to remove a strategy, list it with the prefix "without-".
Check cluster type. Returns a non-empty string if this is a cloud or hybrid cluster
Verify base strategy. Fails if the strategy is not in the allowed list
Base strategy for any uncordoned node in cluster.
{{ include "helm_lib_tolerations" (tuple . "any-node") }}
Base strategy that tolerates all.
{{ include "helm_lib_tolerations" (tuple . "wildcard") }}
Base strategy that tolerates nodes with "dedicated.deckhouse.io: monitoring" and "dedicated.deckhouse.io: system" taints.
{{ include "helm_lib_tolerations" (tuple . "monitoring") }}
Base strategy that tolerates nodes with "dedicated.deckhouse.io: frontend" taints.
{{ include "helm_lib_tolerations" (tuple . "frontend") }}
Base strategy that tolerates nodes with "dedicated.deckhouse.io: system" taints.
{{ include "helm_lib_tolerations" (tuple . "system") }}
Additional strategy "uninitialized" - used for CNIs and kube-proxy to allow CNI components to be scheduled on a node after CCM initialization.
{{ include "helm_lib_tolerations" (tuple . "any-node" "with-uninitialized") }}
Additional strategy "node-problems" - used to schedule critical components on non-ready nodes or nodes under pressure.
{{ include "helm_lib_tolerations" (tuple . "any-node" "with-node-problems") }}
Additional strategy "storage-problems" - used to schedule critical components on nodes with drbd problems. This additional strategy is enabled by default in any base strategy except "wildcard".
{{ include "helm_lib_tolerations" (tuple . "any-node" "without-storage-problems") }}
Additional strategy "no-csi" - used for any node with no CSI: any node which was initialized by deckhouse but has no csi-node driver registered on it.
{{ include "helm_lib_tolerations" (tuple . "any-node" "with-no-csi") }}
Additional strategy "cloud-provider-uninitialized" - used for any node which is not initialized by CCM.
{{ include "helm_lib_tolerations" (tuple . "any-node" "with-cloud-provider-uninitialized") }}
Returns PDB max unavailable
{{ include "helm_lib_pdb_daemonset" . }}
- Template context with .Values, .Chart, etc
returns priority class if priority-class module enabled, otherwise returns nothing
list:
- Template context with .Values, .Chart, etc
- Priority class name
returns rendered resources section based on configuration if it is
{{ include "helm_lib_resources_management_pod_resources" (list <resources configuration> [ephemeral storage requests]) }}
list:
- VPA resource configuration example
- Ephemeral storage requests
returns rendered resources section based on configuration if it is present
{{ include "helm_lib_resources_management_original_pod_resources" <resources configuration> }}
- VPA resource configuration example
returns rendered vpa spec based on configuration and target reference
{{ include "helm_lib_resources_management_vpa_spec" (list <target apiversion> <target kind> <target name> <target container> <resources configuration> ) }}
list:
- Target API version
- Target Kind
- Target Name
- Target container name
- VPA resource configuration example
helper for converting cpu units to millicores
{{ include "helm_lib_resources_management_cpu_units_to_millicores" <cpu units> }}
helper for converting memory units to bytes
{{ include "helm_lib_resources_management_memory_units_to_bytes" <memory units> }}
helper for VPA resources for kube_rbac_proxy
{{ include "helm_lib_vpa_kube_rbac_proxy_resources" . }}
- Template context with .Values, .Chart, etc
helper for container resources for kube_rbac_proxy
{{ include "helm_lib_container_kube_rbac_proxy_resources" . }}
- Template context with .Values, .Chart, etc
returns pod affinity spec
{{ include "helm_lib_pod_anti_affinity_for_ha" (list . (dict "app" "test")) }}
list:
- Template context with .Values, .Chart, etc
- Match labels for podAntiAffinity label selector
returns deployment strategy and replicas for ha components running on master nodes
{{ include "helm_lib_deployment_on_master_strategy_and_replicas_for_ha" . }}
- Template context with .Values, .Chart, etc
returns deployment with custom strategy and replicas for ha components running on master nodes
{{ include "helm_lib_deployment_on_master_custom_strategy_and_replicas_for_ha" (list . (dict "strategy" "strategy_type")) }}
returns deployment strategy and replicas for ha components running not on master nodes
{{ include "helm_lib_deployment_strategy_and_replicas_for_ha" . }}
- Template context with .Values, .Chart, etc