First commit
This commit is contained in:
commit
ce5f695d1e
|
@ -0,0 +1,29 @@
|
|||
{{ if (.Values.vpa).enabled }}
|
||||
{{ if .Values.resources }}
|
||||
apiVersion: autoscaling.k8s.io/v1
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ include "zot.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "zot.labels" . | nindent 4 }}
|
||||
spec:
|
||||
resourcePolicy:
|
||||
containerPolicies:
|
||||
- containerName: manager
|
||||
controlledValues: RequestsAndLimits
|
||||
minAllowed:
|
||||
cpu: {{ .Values.resources.requests.cpu }}
|
||||
memory: {{ .Values.resources.requests.memory }}
|
||||
maxAllowed:
|
||||
cpu: {{ .Values.resources.limits.cpu }}
|
||||
memory: {{ .Values.resources.limits.memory }}
|
||||
mode: Auto
|
||||
targetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ include "zot.fullname" . }}
|
||||
updatePolicy:
|
||||
updateMode: Auto
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,54 @@
|
|||
repositories:
|
||||
# -- Because their helm repo seems not to be accessible
|
||||
- name: zot-git
|
||||
git:
|
||||
url: https://github.com/project-zot/helm-charts.git
|
||||
git_ref: zot-0.1.42
|
||||
path: charts
|
||||
charts:
|
||||
- name: zot
|
||||
repository: zot-git
|
||||
extensions:
|
||||
- name: All extensions to zop
|
||||
source_dir: ./extensions
|
||||
target_dir: templates/gs-extensions
|
||||
patches:
|
||||
- name: Add team annotation
|
||||
yq:
|
||||
op: Add
|
||||
key: .annotations."application.giantswarm.io/team"
|
||||
value: team-honeybadger
|
||||
file: Chart.yaml
|
||||
- name:
|
||||
yq:
|
||||
op: Add
|
||||
key: .home
|
||||
value: https://github.com/giantswarm/flux-app
|
||||
file: Chart.yaml
|
||||
- name:
|
||||
yq:
|
||||
op: Add
|
||||
key: .engine
|
||||
value: gtpl
|
||||
file: Chart.yaml
|
||||
- name: Regexp patches
|
||||
regexp:
|
||||
path: ./patches
|
||||
- name: yaml-fmt
|
||||
custom_command:
|
||||
commands:
|
||||
- "cat <<EOT >> .yamlfmt\n formatter:\n pad_line_comments: 2\nEOT"
|
||||
- yamlfmt values.yaml --conf ./yamlfmt.yaml
|
||||
- rm -f yamlfmt.yaml
|
||||
mirrors:
|
||||
- custom-command
|
||||
mirrors:
|
||||
- name: badhouseplants-git
|
||||
git:
|
||||
url: git@git.badhouseplants.net:allanger/zot-app.git
|
||||
branch: upgrade-{{ name }}-to-{{ version }}
|
||||
path: charts/{{ name }}
|
||||
commit: |-
|
||||
chore: mirror {{ name }}-{{ version }}
|
||||
|
||||
upstream_repo: {{ repo_url }}
|
|
@ -0,0 +1,89 @@
|
|||
---
|
||||
name: Replace image repository in values
|
||||
targets:
|
||||
- values.yaml
|
||||
before: |-
|
||||
image:
|
||||
repository: ghcr.io/project-zot/zot-linux-amd64
|
||||
pullPolicy: IfNotPresent
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: "v2.0.0"
|
||||
after: |-
|
||||
image:
|
||||
repository: gsoci/dummy/zot-linux
|
||||
pullPolicy: Always
|
||||
tag: ""
|
||||
---
|
||||
name: Fix security policies in the deployment
|
||||
targets:
|
||||
- templates/deployment.yaml
|
||||
before: |-
|
||||
\{\{- toYaml .Values.podSecurityContext .*
|
||||
after: |-
|
||||
fsGroup: 1337
|
||||
{{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
|
||||
{{- with .Values.podSeccompProfile }}
|
||||
seccompProfile:
|
||||
{{- . | toYaml | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
name: Fix security policies in container
|
||||
targets:
|
||||
- templates/deployment.yaml
|
||||
before: |-
|
||||
\{\{- toYaml .Values.securityContext .*
|
||||
after: |-
|
||||
{{- with .Values.containerSecurityContext }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 100
|
||||
{{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
|
||||
{{- with .Values.seccompProfile }}
|
||||
seccompProfile:
|
||||
{{- . | toYaml | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
name: Fix security policies in test jobs
|
||||
targets:
|
||||
- templates/tests/test-connection-fails.yaml
|
||||
- templates/tests/test-connection.yaml
|
||||
before: |-
|
||||
spec:
|
||||
containers:
|
||||
after: |-
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1337
|
||||
{{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
|
||||
{{- with .Values.podSeccompProfile }}
|
||||
seccompProfile:
|
||||
{{- . | toYaml | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
---
|
||||
name: Fix security policies in test jobs containers
|
||||
targets:
|
||||
- templates/tests/test-connection-fails.yaml
|
||||
- templates/tests/test-connection.yaml
|
||||
before: |-
|
||||
containers:
|
||||
- name: wget
|
||||
after: |-
|
||||
containers:
|
||||
- name: wget
|
||||
securityContext:
|
||||
{{- with .Values.containerSecurityContext }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 100
|
||||
{{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
|
||||
{{- with .Values.seccompProfile }}
|
||||
seccompProfile:
|
||||
{{- . | toYaml | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
Loading…
Reference in New Issue