Create umbraco

Chart/templates/_helpers.tpl

@@ -0,0 +1,72 @@
+{{/*
+Define the application name and fullname
+*/}}
+
+{{- define "..name" -}}
+{{- .Values.site.name | trunc 63 }}
+{{- end }}
+
+{{- define "..fullname" -}}
+{{ include "..name" . }}
+{{- end }}
+
+{{- define  "..domains" }}
+- {{ .Values.site.primaryDomain }}
+{{- if .Values.site.additionalDomains }}{{ .Values.site.additionalDomains | toYaml }}{{- end }}
+{{- end }}
+
+{{- define "..resourcelimits" -}}
+resources:
+  limits:
+    cpu: {{ .Values.site.resources.cpu.peak }}
+    memory: {{ .Values.site.resources.mem.peak }}
+  requests:
+    cpu: {{ .Values.site.resources.cpu.avg }}
+    memory: {{ .Values.site.resources.mem.avg }}
+{{- end }}
+
+{{/*
+Define the chart name and version
+*/}}
+
+{{- define "..chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Define the chart common labels
+*/}}
+{{- define "..labels" -}}
+helm.sh/chart: {{ include "..chart" . }}
+app.kubernetes.io/name: {{ include "..name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }}
+cloudyne.systems/customer-legal-id: '{{ .Values.customer.legalId }}'
+cloudyne.systems/site: {{ .Values.site.primaryDomain | quote }}
+{{- end }}
+{{- define "..selector-labels" -}}
+cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }}
+cloudyne.systems/site: {{ .Values.site.primaryDomain | quote }}
+cloudyne.systems/component: site
+{{- end }}
+{{- define "..affinity-labels" -}}
+podAffinity:
+  requiredDuringSchedulingIgnoredDuringExecution:
+    - labelSelector:
+        matchExpressions:
+        - key: cloudyne.systems/customer
+          operator: In
+          values:
+          - {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }}
+        - key: cloudyne.systems/site
+          operator: In
+          values:
+          - {{ .Values.site.domain | quote }}
+        - key: cloudyne.systems/component
+          operator: In
+          values:
+          - "site"
+      topologyKey: kubernetes.io/hostname
+{{- end }}

Chart/templates/deployment.yaml

@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{ include "..labels" . | nindent 4 }}
+  name: {{ include "..fullname" . }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{ include "..selector-labels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{ include "..selector-labels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: umbraco
+          envFrom:
+            {{- range $sec := .Values.secrets }}
+             {{- if eq $sec.type "env"}}
+            - secretRef:
+              name: {{ $sec.name }} 
+             {{- end }}
+            {{- end }}
+            {{- range $esec := .Values.externalSecrets }}
+              {{- if eq $esec.type "env"}}
+            - secretRef:
+              name: {{ $esec.ref.target }} 
+              {{- end }}
+            {{- end }}
+            {{- range $cfgm := .Values.configMaps }}
+              {{- if eq $cfgm.type "env"}}
+            - configMapRef:
+              name: {{ $cfgm.name }} 
+              {{- end }}
+            {{- end }}
+          image: {{ .Values.site.image }}
+          imagePullPolicy: Always
+          imagePullSecrets:
+            {{ range $secret := .Values.secrets }}
+              {{- if eq $secret.type "docker" }}
+            - name: {{ $secret.name }}
+              {{- end }}
+            {{- end }}
+            {{- range $esecret := .Values.externalSecrets }}
+              {{- if eq $esecret.type "docker" }}
+            - name: {{ $esecret.ref.target }}
+              {{- end }}
+            {{- end }}
+          ports:
+          - containerPort: 8123
+            name: http
+            protocol: TCP
+          resources:
+            limits:
+              cpu: {{ .Values.site.resources.cpu.peak | default "1000m" }}
+              memory: {{ .Values.site.resources.mem.peak | default "512Mi" }}
+            requests:
+              cpu: {{ .Values.site.resources.cpu.min | default "100m" }}
+              memory: {{ .Values.site.resources.mem.min | default "256Mi" }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsUser: 0
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+

Chart/templates/externalsecret.yaml

@@ -0,0 +1,37 @@
+{{- if and .Values.externalSecrets  }}
+ {{- range .Values.externalSecrets }}
+---
+apiVersion: v1
+kind: ExternalSecret
+metadata:
+  name: {{ include "..fullname" $ }}-{{ .name }}
+  labels:
+    {{- include "..labels" $ | nindent 4 }}
+spec:
+  refreshInterval: {{ .refreshInterval | default "10h" }}
+  secretStoreRef:
+    {{- if .ref.clusterSecretStore }}
+    kind: ClusterSecretStore
+    name: {{ .ref.clusterSecretStore }}
+    {{- else }}
+    kind: SecretStore
+    name: {{ .ref.secretStore }}
+    namespace: {{ .ref.secretStoreNamespace }}
+    {{- end }}
+  target:
+    name: {{ include "..fullname" $ }}-exts-{{ .name }}
+    template:
+      {{- if eq .type "docker"}}
+      type: kubernetes.io/dockerconfigjson
+      {{- end }}
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: External-Secrets
+  data:
+    {{- range $v := .items }}
+    - secretKey: {{ $v.target }}
+      remoteRef:
+        key: {{ $v.source }}
+    {{- end }}
+  {{- end }}
+{{- end }}

Chart/templates/ingress.yaml

@@ -0,0 +1,43 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: {{ .Values.site.certificateIssuer | default "zssl-production" }}
+  labels: {{- include "..labels" . | nindent 4 }}
+  name: {{ include "..fullname" . }}
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{ .Values.site.primaryDomain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ include "..fullname" . }}
+            port:
+              number: 8123
+        path: /
+        pathType: Prefix
+  {{- if .Values.site.additionalDomains }}
+   {{- range $domain := .Values.site.additionalDomains }}
+  - host: {{ $domain }}
+    http:
+      paths:
+      - backend:
+        service:
+          name: {{ include "..fullname" $ }}
+          port:
+            number: 8123
+        path: /
+        pathType: Prefix
+   {{- end }}
+  {{- end }}
+  tls:
+  - hosts:
+    - {{ .Values.site.primaryDomain }}
+    {{- if .Values.site.additionalDomains }}
+     {{- range $domain := .Values.site.additionalDomains }}
+    - {{ $domain }}
+     {{- end }}
+    {{- end }}
+    secretName: tls-{{ include "..fullname" . }}

Chart/templates/secret.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.secrets }}
+ {{- range $sec := .Values.secrets }}
+---
+apiVersion: v1
+kind: Secret
+{{- if or (eq $sec.type "env") (eq $sec.type "file") }}
+type: Opaque
+{{- else if eq $sec.type "docker" }}
+type: kubernetes.io/dockerconfigjson
+{{- end }}
+metadata:
+  name: {{ include "..fullname" $ }}-{{ $sec.name }}
+  labels:
+    {{- include "..labels" $ | nindent 4 }}
+data:
+  {{- range $item := $sec.values }}
+  - name: {{ $item.name }}
+    value: {{ $item.value | b64enc | quote }}
+  {{- end }}
+ {{- end }}
+{{- end }}

Chart/templates/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "..fullname" . }}
+spec:
+  internalTrafficPolicy: Cluster
+  ports:
+  - port: 8123
+    protocol: TCP
+    targetPort: 8123
+  selector: {{ include "..selector-labels" . | nindent 4 }}
+  sessionAffinity: None
+  type: ClusterIP