chore(base-cluster): use t8s-common chart

charts/base-cluster/Chart.yaml

@@ -18,6 +18,9 @@ dependencies:
   - name: common
     version: 2.19.0
     repository: https://charts.bitnami.com/bitnami
+  - name: t8s-common
+    version: 1.0.0
+    repository: oci://ghcr.io/teutonet/teutonet-helm-charts
 annotations:
   artifacthub.io/images: |
     - image: docker.io/bats/bats:1.8.2

charts/base-cluster/templates/_helmRelease.yaml

@@ -6,7 +6,7 @@ metadata:
   namespace: {{ .namespace | default .context.Release.Namespace }}
   labels: {{- include "common.labels.standard" .context | nindent 4 }}
     {{- with .additionalLabels }}
-    {{- . | toYaml | nindent 4 }}
+      {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
   chart:
@@ -21,10 +21,10 @@ spec:
     {{- end }}
   values:
     {{- if eq .render nil }}
-    static: {{ .resource | toYaml | indent 6 }}
+    static: {{ toYaml .resource | indent 6 }}
     {{- else if .render }}
     static: {{ include "common.tplvalues.render" (dict "value" .resource "context" .context) | indent 6 }}
     {{- else }}
-    static: {{ .resource | toYaml | replace "{{" "{{ `{{` }}" | indent 6 }}
+    static: {{ toYaml .resource | replace "{{" "{{ `{{` }}" | indent 6 }}
     {{- end }}
 {{- end -}}

charts/base-cluster/templates/_helpers.tpl

@@ -1,38 +1,25 @@
 {{- define "common.networkPolicy.type" -}}
-{{- if eq .Values.global.networkPolicy.type "auto" -}}
-{{- if .Capabilities.APIVersions.Has "cilium.io/v2/CiliumNetworkPolicy" -}}
-cilium
-{{- else -}}
-none
-{{- end -}}
-{{- else -}}
-{{- .Values.global.networkPolicy.type -}}
-{{- end -}}
+  {{- if eq .Values.global.networkPolicy.type "auto" -}}
+    {{- if .Capabilities.APIVersions.Has "cilium.io/v2/CiliumNetworkPolicy" -}}
+      cilium
+    {{- else -}}
+      none
+    {{- end -}}
+  {{- else -}}
+    {{- .Values.global.networkPolicy.type -}}
+  {{- end -}}
 {{- end -}}
 
 {{- define "common.dict.filterEmptyValues" -}}
-{{- $out := dict -}}
-{{- range $key, $value := . -}}
-{{- if $value -}}
-{{- $out = set $out $key $value -}}
-{{- end -}}
-{{- end -}}
-{{- $out | toYaml -}}
-{{- end -}}
-
-{{- define "base-cluster.helm.labels" -}}
-{{- include "common.labels.standard" (dict "Release" (dict "Name" "{{ .Release.Name }}" "Service" "{{ .Release.Service }}") "Chart" (dict "Name" "{{ .Chart.Name }}" "Version" "{{ .Chart.Version }}") "Values" (dict)) -}}
-{{- end -}}
-
-{{- define "base-cluster.helm.chartVersion" -}}
-{{- dig .repo "charts" .chart nil .context.Values.global.helmRepositories | required (printf "The repo '%s' is either missing or doesn't contain the chart '%s'" .repo .chart) -}}
+  {{- $out := dict -}}
+  {{- range $key, $value := . -}}
+    {{- if $value -}}
+      {{- $out = set $out $key $value -}}
+    {{- end -}}
+  {{- end -}}
+  {{- toYaml $out -}}
 {{- end -}}
 
 {{- define "base-cluster.helm.chartSpec" -}}
-chart: {{ .chart | quote }}
-version: {{ include "base-cluster.helm.chartVersion" (dict "repo" .repo "chart" .chart "context" .context) | quote }}
-sourceRef:
-  kind: HelmRepository
-  name: {{ .repo | quote }}
-  namespace: {{ .context.Release.Namespace }}
-{{- end -}}
+  {{- include "common.helm.chartSpec" (dict "context" .context "repo" .repo "chart" .chart "prependReleaseName" false) -}}
+{{- end -}}

charts/base-cluster/templates/_images.tpl

@@ -1,17 +1,17 @@
 {{- define "base-cluster.kubectl.image" -}}
-{{- include "common.images.image" (dict "imageRoot" .Values.global.kubectl.image "global" .Values.global) -}}
+  {{- include "common.images.image" (dict "imageRoot" .Values.global.kubectl.image "global" .Values.global) -}}
 {{- end -}}
 
 {{- define "base-cluster.curl.image" -}}
-{{- include "common.images.image" (dict "imageRoot" .Values.global.curl.image "global" .Values.global) -}}
+  {{- include "common.images.image" (dict "imageRoot" .Values.global.curl.image "global" .Values.global) -}}
 {{- end -}}
 
 {{- define "base-cluster.flux.image" -}}
-{{- include "common.images.image" (dict "imageRoot" .Values.global.flux.image "global" .Values.global) -}}
+  {{- include "common.images.image" (dict "imageRoot" .Values.global.flux.image "global" .Values.global) -}}
 {{- end -}}
 
 {{- define "base-cluster.gpg.image" -}}
-{{- include "common.images.image" (dict "imageRoot" .Values.global.gpg.image "global" .Values.global) -}}
+  {{- include "common.images.image" (dict "imageRoot" .Values.global.gpg.image "global" .Values.global) -}}
 {{- end -}}
 
 {{- define "base-cluster.defaultRegistry" -}}

charts/base-cluster/templates/_ingress.tpl

@@ -1,7 +1,7 @@
 {{- define "base-cluster.certificate" -}}
-{{- if and .context.Values.dns.provider (not .customDomain) -}}
-cluster-wildcard-certificate
-{{- else -}}
-{{- printf "%s-certificate" .name -}}
-{{- end -}}
+  {{- if and .context.Values.dns.provider (not .customDomain) -}}
+    cluster-wildcard-certificate
+  {{- else -}}
+    {{- printf "%s-certificate" .name -}}
+  {{- end -}}
 {{- end -}}

charts/base-cluster/templates/backup/velero.yaml

@@ -50,11 +50,11 @@ spec:
       allowPrivilegeEscalation: false
       seccompProfile:
         type: RuntimeDefault
-    resources: {{- .Values.backup.resources | toYaml | nindent 6 }}
+    resources: {{- include "common.resources" .Values.backup | nindent 6 }}
     priorityClassName: system-cluster-critical
     deployNodeAgent: true # enable FSB
     nodeAgent:
-      resources: {{- .Values.backup.nodeAgent.resources | toYaml | nindent 8 }}
+      resources: {{- include "common.resources" .Values.backup.nodeAgent | nindent 8 }}
       priorityClassName: system-cluster-critical
     configuration:
       defaultBackupStorageLocation: {{ .Values.backup.defaultLocation | quote }}
@@ -90,5 +90,5 @@ spec:
       uploaderType: restic
     metrics:
       serviceMonitor:
-        additionalLabels: {{- .Values.monitoring.labels | toYaml | nindent 10 }}
+        additionalLabels: {{- toYaml .Values.monitoring.labels | nindent 10 }}
 {{- end }}

charts/base-cluster/templates/cert-manager/cert-manager.yaml

@@ -40,22 +40,22 @@ spec:
     extraArgs:
       - --dns01-recursive-nameservers={{- $nameservers | sortAlpha | join "," }}
     {{- end }}
-    resources: {{- $.Values.certManager.resources | toYaml | nindent 6 }}
+    resources: {{- include "common.resources" $.Values.certManager | nindent 6 }}
     replicaCount: 1
     securityContext: &securityContext
       runAsNonRoot: true
       runAsUser: 1001
       runAsGroup: 1001
       fsGroup: 1001
     cainjector:
-      resources: {{- $.Values.certManager.caInjector.resources | toYaml | nindent 8 }}
+      resources: {{- include "common.resources" $.Values.certManager.caInjector | nindent 8 }}
       securityContext: *securityContext
       {{- if .Values.global.imageRegistry }}
       image:
         repository: {{ printf "%s/jetstack/cert-manager-cainjector" $.Values.global.imageRegistry }}
       {{- end }}
     webhook:
-      resources: {{- $.Values.certManager.webhook.resources | toYaml | nindent 8 }}
+      resources: {{- include "common.resources" $.Values.certManager.webhook | nindent 8 }}
       securityContext: *securityContext
       {{- if .Values.global.imageRegistry }}
       image:
@@ -65,4 +65,4 @@ spec:
       enabled: {{ .Values.monitoring.prometheus.enabled }}
       servicemonitor:
         enabled: {{ .Values.monitoring.prometheus.enabled }}
-        labels: {{- .Values.monitoring.labels | toYaml | nindent 10 }}
+        labels: {{- toYaml .Values.monitoring.labels | nindent 10 }}

charts/base-cluster/templates/cert-manager/clusterissuer.yaml

@@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   name: letsencrypt-{{ .name }}
-  labels: {{- include "base-cluster.helm.labels" (dict) | nindent 4 }}
+  labels: {{- include "common.helm.labels" (dict) | nindent 4 }}
     app.kubernetes.io/component: {{ .name }}
     app.kubernetes.io/part-of: cert-manager
 spec:
@@ -27,7 +27,7 @@ spec:
           {{- end }}
         {{- with .context.Values.dns.domains }}
         selector:
-          dnsZones: {{- . | toYaml | nindent 12 }}
+          dnsZones: {{- toYaml . | nindent 12 }}
         {{- end }}
       {{- end }}
       - http01:
@@ -37,4 +37,4 @@ spec:
     privateKeySecretRef:
       name: letsencrypt-{{ .name }}-account
     server: {{ .url | quote }}
-{{- end -}}
+{{- end -}}

charts/base-cluster/templates/cert-manager/rules/certificate-expiration.yaml

@@ -9,7 +9,7 @@ metadata:
   name: certificate-expiration
   namespace: cert-manager
   labels: {{- include "common.labels.standard" . | nindent 4 }}
-    {{- .Values.monitoring.labels | toYaml | nindent 4 }}
+    {{- toYaml .Values.monitoring.labels | nindent 4 }}
     app.kubernetes.io/component: prometheus
     app.kubernetes.io/part-of: cert-manager
 spec:

charts/base-cluster/templates/descheduler/descheduler.yaml

@@ -10,7 +10,7 @@ metadata:
   namespace: kube-system
   labels: {{- include "common.labels.standard" $ | nindent 4 }}
     app.kubernetes.io/component: descheduler
-    {{- if not (eq $selectedVersion $latestVersion) }}
+    {{- if ne $selectedVersion $latestVersion }}
     helmrelease-metrics/ignore: "true"
     {{- end }}
 spec:
@@ -31,7 +31,7 @@ spec:
     priorityClassName: system-cluster-critical
     deschedulerPolicy:
       evictLocalStoragePods: true
-      strategies: {{- .Values.descheduler.strategies | toYaml | nindent 8 }}
+      strategies: {{- toYaml .Values.descheduler.strategies | nindent 8 }}
     {{- if .Values.global.imageRegistry }}
     image:
       repository: {{ printf "%s/descheduler/descheduler" .Values.global.imageRegistry }}

charts/base-cluster/templates/dns/external-dns.yaml

@@ -66,10 +66,10 @@ spec:
       allowPrivilegeEscalation: false
       seccompProfile:
         type: RuntimeDefault
-    resources: {{- .Values.externalDNS.resources | toYaml | nindent 6 }}
+    resources: {{- include "common.resources" .Values.externalDNS | nindent 6 }}
     metrics:
       enabled: {{ .Values.monitoring.prometheus.enabled }}
       serviceMonitor:
         enabled: {{ .Values.monitoring.prometheus.enabled }}
-        labels: {{- .Values.monitoring.labels | toYaml | nindent 10 }}
+        labels: {{- toYaml .Values.monitoring.labels | nindent 10 }}
 {{- end -}}

charts/base-cluster/templates/flux/flux.yaml

@@ -51,7 +51,7 @@ metadata:
 spec:
   interval: {{ $instance.gitInterval | default "1m" | quote }}
   url: {{ $instance.url | quote }}
-  {{- if not (eq $authenticationMethod "none") }}
+  {{- if ne $authenticationMethod "none" }}
   secretRef:
     name: {{ $authenticationSecretName }}
   {{- end -}}

charts/base-cluster/templates/flux/podMonitor.yaml

@@ -9,7 +9,7 @@ metadata:
   name: flux
   namespace: {{ .Release.Namespace }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
-    {{- .Values.monitoring.labels | toYaml | nindent 4 }}
+    {{- toYaml .Values.monitoring.labels | nindent 4 }}
     app.kubernetes.io/component: prometheus
     app.kubernetes.io/part-of: flux
 spec:

charts/base-cluster/templates/flux/rules/flux-status.yaml

@@ -9,7 +9,7 @@ metadata:
   name: flux-status
   namespace: {{ .Release.Namespace }}
   labels: {{- include "common.labels.standard" . | nindent 4 }}
-    {{- .Values.monitoring.labels | toYaml | nindent 4 }}
+    {{- toYaml .Values.monitoring.labels | nindent 4 }}
     app.kubernetes.io/component: prometheus
     app.kubernetes.io/part-of: flux
 spec:

charts/base-cluster/templates/global/_namespaces.tpl

@@ -13,5 +13,5 @@
     {{- $namespaces := set $namespaces $name (omit $namespace "condition") -}}
   {{- end -}}
 {{- end -}}
-{{- $namespaces | toYaml -}}
-{{- end -}}
+{{- toYaml $namespaces -}}
+{{- end -}}

charts/base-cluster/templates/global/certificates.yaml

@@ -27,7 +27,7 @@
       {{- $certs = set $certs $name $cert -}}
     {{- end -}}
   {{- end -}}
-  {{- $certs | toYaml -}}
+  {{- toYaml $certs -}}
 {{- end -}}
 
 {{- define "base-cluster.cert-manager.custom-certificates-yaml" -}}
@@ -37,13 +37,13 @@ kind: Certificate
 metadata:
   name: {{ $name | quote }}
   namespace: {{ $.context.Release.Namespace }}
-  labels: {{- include "base-cluster.helm.labels" (dict) | nindent 4 }}
+  labels: {{- include "common.helm.labels" (dict) | nindent 4 }}
 spec:
   issuerRef:
     group: cert-manager.io
     kind: ClusterIssuer
     name: letsencrypt-production
-  dnsNames: {{- $cert.dnsNames | toYaml | nindent 4 }}
+  dnsNames: {{- toYaml $cert.dnsNames | nindent 4 }}
   secretName: {{ printf "%s-certificate" $name | quote }}
   {{- if include "base-cluster.reflector.enabled" (dict "context" $.context) }}
   secretTemplate:

charts/base-cluster/templates/global/namespaces.yaml

@@ -5,7 +5,7 @@ metadata:
   name: {{ $name }}
   labels: {{- include "common.labels.standard" $ | nindent 4 -}}
   {{- with $namespace.additionalLabels -}}
-    {{- . | toYaml | nindent 4 -}}
+    {{- toYaml . | nindent 4 -}}
   {{- end }}
 ---
 apiVersion: v1
@@ -52,9 +52,9 @@ spec:
     {{- range $resource, $quota := . -}}
       {{- $quotas = set $quotas $resource (include "common.tplvalues.render" (dict "value" $quota "context" $)) -}}
     {{- end }}
-  hard: {{- $quotas | toYaml | nindent 4 }}
+  hard: {{- toYaml $quotas | nindent 4 }}
   {{- end }}
 {{- end }}
 {{- end }}
 ---
-{{ end -}}
+{{ end -}}

charts/base-cluster/templates/ingress/nginx.yaml

@@ -26,7 +26,7 @@ spec:
         enabled: {{ .Values.monitoring.prometheus.enabled }}
         serviceMonitor:
           enabled: {{ .Values.monitoring.prometheus.enabled }}
-          additionalLabels: {{- .Values.monitoring.labels | toYaml | nindent 12 }}
+          additionalLabels: {{- toYaml .Values.monitoring.labels | nindent 12 }}
       {{- if .Values.monitoring.tracing.enabled }}
       opentelemetry:
         enabled: true
@@ -57,7 +57,7 @@ spec:
         loadBalancerIP: {{ .Values.ingress.IP | quote }}
       {{- end }}
       replicaCount: {{ .Values.ingress.replicas }}
-      resources: {{- .Values.ingress.resources | toYaml | nindent 8 }}
+      resources: {{- include "common.resources" .Values.ingress | nindent 8 }}
       podSecurityContext:
         runAsNonRoot: true
         runAsGroup: 101

charts/base-cluster/templates/ingress/validation.tpl

@@ -20,7 +20,7 @@
       {{- end -}}
     {{- end -}}
   {{- end -}}
-  {{- if and $loadBalancerIP (not (eq $loadBalancerIP .Values.ingress.IP)) -}}
+  {{- if and $loadBalancerIP (ne $loadBalancerIP .Values.ingress.IP) -}}
       {{- fail "You cannot change the LoadBalancerIP on an existing service, if you really want to, please delete the service 'ingress-nginx/ingress-nginx-controller' beforehand" -}}
   {{- end -}}
-{{- end -}}
+{{- end -}}

charts/base-cluster/templates/kyverno/kyverno.yaml

@@ -43,7 +43,7 @@ spec:
       {{- end }}
     serviceMonitor:
       enabled: {{ .Values.monitoring.prometheus.enabled }}
-      additionalLabels: {{- .Values.monitoring.labels | toYaml | nindent 8 }}
+      additionalLabels: {{- toYaml .Values.monitoring.labels | nindent 8 }}
     priorityClassName: system-cluster-critical
     # this only works in version 3
     admissionController:

charts/base-cluster/templates/kyverno/policies/_policyTemplate.yaml

@@ -10,11 +10,11 @@ apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
   name: {{ .name }}
-  labels: {{- include "base-cluster.helm.labels" (dict) | nindent 4 }}
+  labels: {{- include "common.helm.labels" (dict) | nindent 4 }}
     app.kubernetes.io/component: {{ .name }}
     app.kubernetes.io/part-of: kyverno-policies
   {{- with (dig "metadata" "annotations" nil $policy) }}
-  annotations: {{- . | toYaml | nindent 4 }}
+  annotations: {{- toYaml . | nindent 4 }}
   {{- end }}
 spec: {{- get $policy "spec" | toYaml | replace "{{" "{{ `{{` }}" | nindent 2 }}
 {{- end -}}