A Helm Library Chart for grouping common logic between bitnami charts.
dependencies:
- name: common
version: 1.x.x
repository: https://charts.bitnami.com/bitnami
$ helm dependency update
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
This chart provides a common template helpers which can be used to develop new charts using Helm package manager.
Bitnami charts can be used with Kubeapps for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of Bitnami Kubernetes Production Runtime (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications.
The following table lists the helpers available in the library which are scoped in different sections.
Helper identifier | Description | Expected Input |
---|---|---|
common.affinities.nodes.soft |
Return a soft nodeAffinity definition | dict "key" "FOO" "values" (list "BAR" "BAZ") |
common.affinities.nodes.hard |
Return a hard nodeAffinity definition | dict "key" "FOO" "values" (list "BAR" "BAZ") |
common.affinities.pods.soft |
Return a soft podAffinity/podAntiAffinity definition | dict "component" "FOO" "context" $ |
common.affinities.pods.hard |
Return a hard podAffinity/podAntiAffinity definition | dict "component" "FOO" "context" $ |
Helper identifier | Description | Expected Input |
---|---|---|
common.capabilities.kubeVersion |
Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | . Chart context |
common.capabilities.cronjob.apiVersion |
Return the appropriate apiVersion for cronjob. | . Chart context |
common.capabilities.deployment.apiVersion |
Return the appropriate apiVersion for deployment. | . Chart context |
common.capabilities.statefulset.apiVersion |
Return the appropriate apiVersion for statefulset. | . Chart context |
common.capabilities.ingress.apiVersion |
Return the appropriate apiVersion for ingress. | . Chart context |
common.capabilities.rbac.apiVersion |
Return the appropriate apiVersion for RBAC resources. | . Chart context |
common.capabilities.crd.apiVersion |
Return the appropriate apiVersion for CRDs. | . Chart context |
common.capabilities.policy.apiVersion |
Return the appropriate apiVersion for podsecuritypolicy. | . Chart context |
common.capabilities.networkPolicy.apiVersion |
Return the appropriate apiVersion for networkpolicy. | . Chart context |
common.capabilities.apiService.apiVersion |
Return the appropriate apiVersion for APIService. | . Chart context |
common.capabilities.hpa.apiVersion |
Return the appropriate apiVersion for Horizontal Pod Autoscaler | . Chart context |
common.capabilities.supportsHelmVersion |
Returns true if the used Helm version is 3.3+ | . Chart context |
Helper identifier | Description | Expected Input |
---|---|---|
common.errors.upgrade.passwords.empty |
It will ensure required passwords are given when we are upgrading a chart. If validationErrors is not empty it will throw an error and will stop the upgrade action. |
dict "validationErrors" (list $validationError00 $validationError01) "context" $ |
Helper identifier | Description | Expected Input |
---|---|---|
common.images.image |
Return the proper and full image name | dict "imageRoot" .Values.path.to.the.image "global" $ , see ImageRoot for the structure. |
common.images.pullSecrets |
Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global |
common.images.renderPullSecrets |
Return the proper Docker Image Registry Secret Names (evaluates values as templates) | dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $ |
Helper identifier | Description | Expected Input |
---|---|---|
common.ingress.backend |
Generate a proper Ingress backend entry depending on the API version | dict "serviceName" "foo" "servicePort" "bar" , see the Ingress deprecation notice for the syntax differences |
common.ingress.supportsPathType |
Prints "true" if the pathType field is supported | . Chart context |
common.ingress.supportsIngressClassname |
Prints "true" if the ingressClassname field is supported | . Chart context |
common.ingress.certManagerRequest |
Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | dict "annotations" .Values.path.to.the.ingress.annotations |
Helper identifier | Description | Expected Input |
---|---|---|
common.labels.standard |
Return Kubernetes standard labels | . Chart context |
common.labels.matchLabels |
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector |
. Chart context |
Helper identifier | Description | Expected Input |
---|---|---|
common.names.name |
Expand the name of the chart or use .Values.nameOverride |
. Chart context |
common.names.fullname |
Create a default fully qualified app name. | . Chart context |
common.names.namespace |
Allow the release namespace to be overridden | . Chart context |
common.names.fullname.namespace |
Create a fully qualified app name adding the installation's namespace | . Chart context |
common.names.chart |
Chart name plus version | . Chart context |
Helper identifier | Description | Expected Input |
---|---|---|
common.secrets.name |
Generate the name of the secret. | dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $ see ExistingSecret for the structure. |
common.secrets.key |
Generate secret key. | dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName" see ExistingSecret for the structure. |
common.passwords.manage |
Generate secret password or retrieve one if already created. | dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $ , length, strong and chartNAme fields are optional. |
common.secrets.exists |
Returns whether a previous generated secret already exists. | dict "secret" "secret-name" "context" $ |
Helper identifier | Description | Expected Input |
---|---|---|
common.storage.class |
Return the proper Storage Class | dict "persistence" .Values.path.to.the.persistence "global" $ , see Persistence for the structure. |
Helper identifier | Description | Expected Input |
---|---|---|
common.tplvalues.render |
Renders a value that contains template | dict "value" .Values.path.to.the.Value "context" $ , value is the value should rendered as template, context frequently is the chart context $ or . |
Helper identifier | Description | Expected Input |
---|---|---|
common.utils.fieldToEnvVar |
Build environment variable name given a field. | dict "field" "my-password" |
common.utils.secret.getvalue |
Print instructions to get a secret value. | dict "secret" "secret-name" "field" "secret-value-field" "context" $ |
common.utils.getValueFromKey |
Gets a value from .Values object given its key path |
dict "key" "path.to.key" "context" $ |
common.utils.getKeyFromList |
Returns first .Values key with a defined value or first of the list if all non-defined |
dict "keys" (list "path.to.key1" "path.to.key2") "context" $ |
Helper identifier | Description | Expected Input |
---|---|---|
common.validations.values.single.empty |
Validate a value must not be empty. | dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $ secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See ValidateValue |
common.validations.values.multiple.empty |
Validate a multiple values must not be empty. It returns a shared error for all the values. | dict "required" (list $validateValueConf00 $validateValueConf01) "context" $ . See ValidateValue |
common.validations.values.mariadb.passwords |
This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | dict "secret" "mariadb-secret" "subchart" "true" "context" $ subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
common.validations.values.mysql.passwords |
This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | dict "secret" "mysql-secret" "subchart" "true" "context" $ subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
common.validations.values.postgresql.passwords |
This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | dict "secret" "postgresql-secret" "subchart" "true" "context" $ subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
common.validations.values.redis.passwords |
This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | dict "secret" "redis-secret" "subchart" "true" "context" $ subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
common.validations.values.cassandra.passwords |
This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | dict "secret" "cassandra-secret" "subchart" "true" "context" $ subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
common.validations.values.mongodb.passwords |
This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | dict "secret" "mongodb-secret" "subchart" "true" "context" $ subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
Helper identifier | Description | Expected Input |
---|---|---|
common.warnings.rollingTag |
Warning about using rolling tag. | ImageRoot see ImageRoot for the structure. |
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
If we force those values to be empty we will see some alerts
$ helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
On November 13, 2020, Helm v2 support was formally finished, this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
What changes were introduced in this major version?
apiVersion: v1
(installable by both Helm 2 and 3), this Helm Chart was updated to apiVersion: v2
(installable by Helm 3 only). Here you can find more information about the apiVersion
field.type: library
. Here you can find more information.Considerations when upgrading to this version
Useful links
Copyright © 2022 Bitnami
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.