drycc-addons
diff --git a/‎addons/etcd/3.6/chart/etcd-3.6/CHANGELOG.md‎
Lines changed: 1877 additions & 0 deletions b/‎addons/etcd/3.6/chart/etcd-3.6/CHANGELOG.md‎
Lines changed: 1877 additions & 0 deletions
diff --git a/‎addons/etcd/3.6/chart/etcd-3.6/Chart.yaml‎
Lines changed: 35 additions & 0 deletions b/‎addons/etcd/3.6/chart/etcd-3.6/Chart.yaml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎addons/etcd/3.6/chart/etcd-3.6/README.md‎
Lines changed: 899 additions & 0 deletions b/‎addons/etcd/3.6/chart/etcd-3.6/README.md‎
Lines changed: 899 additions & 0 deletions
diff --git a/‎addons/etcd/3.6/chart/etcd-3.6/templates/NOTES.txt‎
Lines changed: 121 additions & 0 deletions b/‎addons/etcd/3.6/chart/etcd-3.6/templates/NOTES.txt‎
Lines changed: 121 additions & 0 deletions
diff --git a/‎addons/etcd/3.6/chart/etcd-3.6/templates/_helpers.tpl‎
Lines changed: 213 additions & 0 deletions b/‎addons/etcd/3.6/chart/etcd-3.6/templates/_helpers.tpl‎
Lines changed: 213 additions & 0 deletions
diff --git a/‎addons/etcd/3.6/chart/etcd-3.6/templates/configmap.yaml‎
Lines changed: 20 additions & 0 deletions b/‎addons/etcd/3.6/chart/etcd-3.6/templates/configmap.yaml‎
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,35 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+  images: |
+    - name: etcd
+      image: registry.drycc.cc/drycc-addons/etcd:3.6
+    - name: base
+      image: registry.drycc.cc/drycc/base:trixie
+  licenses: Apache-2.0
+  tanzuCategory: service
+apiVersion: v2
+appVersion: 3.6.6
+dependencies:
+  - name: common
+    repository: oci://registry.drycc.cc/charts
+    version: ~1.1.4
+description: etcd is a distributed key-value store designed to securely store data
+  across a cluster. etcd is widely used in production on account of its reliability,
+  fault-tolerance and ease of use.
+home: https://bitnami.com
+icon: https://dyltqmyl993wv.cloudfront.net/assets/stacks/etcd/img/etcd-stack-220x234.png
+keywords:
+- etcd
+- cluster
+- database
+- cache
+- key-value
+maintainers:
+- name: Broadcom, Inc. All Rights Reserved.
+  url: https://github.com/bitnami/charts
+name: etcd
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/etcd
+version: 12.0.20
@@ -0,0 +1,121 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+
+{{- if and (eq .Values.service.type "LoadBalancer") .Values.auth.rbac.allowNoneAuthentication }}
+-------------------------------------------------------------------------------
+ WARNING
+
+    By specifying "service.type=LoadBalancer", "auth.rbac.enabled=false" and
+    "auth.rbac.allowNoneAuthentication=true" you have most likely exposed the etcd
+    service externally without any authentication mechanism.
+
+    For security reasons, we strongly suggest that you switch to "ClusterIP" or
+    "NodePort". As alternative, you can also switch to "auth.rbac.enabled=true"
+    providing a valid password on "auth.rbac.rootPassword" parameter.
+
+-------------------------------------------------------------------------------
+{{- end }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+  command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+  args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+  kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+  kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+    /opt/drycc/scripts/etcd/entrypoint.sh /opt/drycc/scripts/etcd/run.sh
+
+{{- else }}
+
+etcd can be accessed via port {{ .Values.service.ports.client }} on the following DNS name from within your cluster:
+
+    {{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}
+
+To create a pod that you can use as a etcd client run the following command:
+
+    kubectl run {{ template "common.names.fullname" . }}-client --restart='Never' --image {{ template "etcd.image" . }}{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }} --env ROOT_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ if .Values.auth.rbac.existingSecret }}{{ .Values.auth.rbac.existingSecret }}{{ else }}{{ template "common.names.fullname" . }}{{ end }} -o jsonpath="{{ if .Values.auth.rbac.existingSecret }}{.data.{{ .Values.auth.rbac.existingSecretPasswordKey }}}{{ else }}{.data.etcd-root-password}{{ end }}" | base64 -d){{- end }} --env ETCDCTL_ENDPOINTS="{{ template "common.names.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.ports.client }}" --namespace {{ include "common.names.namespace" . }} --command -- sleep infinity
+
+Then, you can set/get a key using the commands below:
+
+    kubectl exec --namespace {{ include "common.names.namespace" . }} -it {{ template "common.names.fullname" . }}-client -- bash
+    {{- $etcdAuthOptions := include "etcd.authOptions" . }}
+    etcdctl {{ $etcdAuthOptions }} put /message Hello
+    etcdctl {{ $etcdAuthOptions }} get /message
+
+To connect to your etcd server from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+    export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+    export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
+    echo "etcd URL: http://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
+
+    export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+    echo "etcd URL: http://$SERVICE_IP:{{ .Values.service.ports.client }}/"
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+    kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.ports.client }}:{{ .Values.service.ports.client }} &
+    echo "etcd URL: http://127.0.0.1:{{ .Values.service.ports.client }}"
+
+{{- end }}
+{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }}
+
+ * As rbac is enabled you should add the flag `--user root:$ETCD_ROOT_PASSWORD` to the etcdctl commands. Use the command below to export the password:
+
+    export ETCD_ROOT_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ if .Values.auth.rbac.existingSecret }}{{ .Values.auth.rbac.existingSecret }}{{ else }}{{ template "common.names.fullname" . }}{{ end }} -o jsonpath="{{ if .Values.auth.rbac.existingSecret }}{.data.{{ .Values.auth.rbac.existingSecretPasswordKey }}}{{ else }}{.data.etcd-root-password}{{ end }}" | base64 -d)
+
+{{- end }}
+{{- if .Values.auth.client.secureTransport }}
+{{- if .Values.auth.client.useAutoTLS }}
+
+ * As TLS is enabled you should add the flag `--cert-file /drycc/etcd/data/fixtures/client/cert.pem --key-file /drycc/etcd/data/fixtures/client/key.pem --insecure-skip-tls-verify` to the etcdctl commands.
+
+{{- else }}
+
+ * As TLS is enabled you should add the flag `--cert-file /opt/drycc/etcd/certs/client/{{ .Values.auth.client.certFilename }} --key-file /opt/drycc/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}` to the etcdctl commands.
+
+{{- end }}
+
+ * You should also export a proper etcdctl endpoint using the https schema. Eg.
+
+    export ETCDCTL_ENDPOINTS=https://{{ template "common.names.fullname" . }}-0:{{ .Values.service.ports.client }}
+
+{{- end }}
+{{- if .Values.auth.client.enableAuthentication }}
+
+ * As TLS host authentication is enabled you should add the flag `--ca-file /opt/drycc/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}` to the etcdctl commands.
+
+{{- end }}
+{{- $autoCompactionValue := (regexReplaceAll "[^0-9]" .Values.autoCompactionRetention "" | int) }}
+{{- if and .Values.defrag.enabled (or (empty .Values.autoCompactionRetention) (eq $autoCompactionValue 0)) }}
+
+ * Disk defragmentation in etcd is most effective when paired with key history auto compaction. Consider setting "autoCompactionRetention > 0".
+  
+{{- end }}
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "etcd.validateValues" . }}
+{{- include "common.warnings.resources" (dict "sections" (list "" "volumePermissions" "preUpgradeJob" "disasterRecovery.cronjob") "context" $) }}
+{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) }}
+{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) }}
@@ -0,0 +1,213 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper etcd image name
+*/}}
+{{- define "etcd.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "etcd.volumePermissions.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "etcd.imagePullSecrets" -}}
+{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper etcd peer protocol
+*/}}
+{{- define "etcd.peerProtocol" -}}
+{{- if .Values.auth.peer.secureTransport -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper etcd client protocol
+*/}}
+{{- define "etcd.clientProtocol" -}}
+{{- if .Values.auth.client.secureTransport -}}
+{{- print "https" -}}
+{{- else -}}
+{{- print "http" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper etcdctl authentication options
+*/}}
+{{- define "etcd.authOptions" -}}
+{{- $rbacOption := "--user root:$ROOT_PASSWORD" -}}
+{{- $certsOption := " --cert $ETCD_CERT_FILE --key $ETCD_KEY_FILE" -}}
+{{- $autoCertsOption := " --cert /drycc/etcd/data/fixtures/client/cert.pem --key /drycc/etcd/data/fixtures/client/key.pem --insecure-skip-tls-verify" -}}
+{{- $caOption := " --cacert $ETCD_TRUSTED_CA_FILE" -}}
+{{- $insecureTlsOption := " --insecure-skip-tls-verify" -}}
+{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled -}}
+    {{- printf "%s" $rbacOption -}}
+{{- end -}}
+{{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS -}}
+    {{- printf "%s" $autoCertsOption -}}
+{{- else if and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS) -}}
+    {{- printf "%s" $certsOption -}}
+    {{- if or .Values.auth.client.enableAuthentication .Values.auth.client.caFilename -}}
+        {{- printf "%s" $caOption -}}
+    {{- else -}}
+        {{- printf "%s" $insecureTlsOption -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the etcd configuration configmap
+*/}}
+{{- define "etcd.configmapName" -}}
+{{- if .Values.existingConfigmap -}}
+    {{- printf "%s" (tpl .Values.existingConfigmap $) | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+    {{- printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created
+*/}}
+{{- define "etcd.createConfigmap" -}}
+{{- if and .Values.configuration (not .Values.existingConfigmap) }}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret with etcd credentials
+*/}}
+{{- define "etcd.secretName" -}}
+    {{- if .Values.auth.rbac.existingSecret -}}
+        {{- printf "%s" .Values.auth.rbac.existingSecret | trunc 63 | trimSuffix "-" -}}
+    {{- else -}}
+        {{- printf "%s" (include "common.names.fullname" .) -}}
+    {{- end -}}
+{{- end -}}
+
+{{/*
+Get the secret password key to be retrieved from etcd secret.
+*/}}
+{{- define "etcd.secretPasswordKey" -}}
+{{- if and .Values.auth.rbac.existingSecret .Values.auth.rbac.existingSecretPasswordKey -}}
+{{- printf "%s" .Values.auth.rbac.existingSecretPasswordKey -}}
+{{- else -}}
+{{- printf "etcd-root-password" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created for the etcd token private key
+*/}}
+{{- define "etcd.token.createSecret" -}}
+{{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret with etcd token private key
+*/}}
+{{- define "etcd.token.secretName" -}}
+    {{- if .Values.auth.token.privateKey.existingSecret -}}
+        {{- printf "%s" .Values.auth.token.privateKey.existingSecret | trunc 63 | trimSuffix "-" -}}
+    {{- else -}}
+        {{- printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+    {{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Disaster Recovery PVC name
+*/}}
+{{- define "etcd.disasterRecovery.pvc.name" -}}
+{{- if .Values.disasterRecovery.pvc.existingClaim -}}
+    {{- printf "%s" (tpl .Values.disasterRecovery.pvc.existingClaim $) | trunc 63 | trimSuffix "-" -}}
+{{- else if .Values.startFromSnapshot.existingClaim -}}
+    {{- printf "%s" (tpl .Values.startFromSnapshot.existingClaim $) | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+    {{- printf "%s-snapshotter" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the service account to use
+ */}}
+{{- define "etcd.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+{{ default (include "common.names.fullname" .) .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
+{{- else -}}
+{{ default "default" .Values.serviceAccount.name | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "etcd.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.existingClaim" .) -}}
+{{- $messages := append $messages (include "etcd.validateValues.startFromSnapshot.snapshotFilename" .) -}}
+{{- $messages := append $messages (include "etcd.validateValues.disasterRecovery" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of etcd - an existing claim must be provided when startFromSnapshot is enabled */}}
+{{- define "etcd.validateValues.startFromSnapshot.existingClaim" -}}
+{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.existingClaim) (not .Values.disasterRecovery.enabled) -}}
+etcd: startFromSnapshot.existingClaim
+    An existing claim must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!!
+    Please provide it (--set startFromSnapshot.existingClaim="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of etcd - the snapshot filename must be provided when startFromSnapshot is enabled */}}
+{{- define "etcd.validateValues.startFromSnapshot.snapshotFilename" -}}
+{{- if and .Values.startFromSnapshot.enabled (not .Values.startFromSnapshot.snapshotFilename) (not .Values.disasterRecovery.enabled) -}}
+etcd: startFromSnapshot.snapshotFilename
+    The snapshot filename must be provided when startFromSnapshot is enabled and disasterRecovery is disabled!!
+    Please provide it (--set startFromSnapshot.snapshotFilename="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of etcd - persistence must be enabled when disasterRecovery is enabled */}}
+{{- define "etcd.validateValues.disasterRecovery" -}}
+{{- if and .Values.disasterRecovery.enabled (not .Values.persistence.enabled) -}}
+etcd: disasterRecovery
+    Persistence must be enabled when disasterRecovery is enabled!!
+    Please enable persistence (--set persistence.enabled=true)
+{{- end -}}
+{{- end -}}
+
+{{- define "etcd.token.jwtToken" -}}
+{{- if (include "etcd.token.createSecret" .) -}}
+{{- $jwtToken := lookup "v1" "Secret" (include "common.names.namespace" .) (printf "%s-jwt-token" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" ) -}}
+{{- if $jwtToken -}}
+{{ index $jwtToken "data" "jwt-token.pem" | b64dec }}
+{{- else -}}
+{{ genPrivateKey "rsa" }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "etcd.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-configuration" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: etcd
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  etcd.conf.yml: |-
+    {{- include "common.tplvalues.render" ( dict "value" .Values.configuration "context" $ ) | nindent 4 }}
+{{- end }}