luneski/onelab-k8s-1.27
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add OneLab Helm chart, Argo CD Application, and GitOps values for k3s

Browse Source 
Made-with: Cursor
This commit is contained in:
timotheereausanofi
2026-03-20 10:15:15 +01:00
commit 52847814e0
102 changed files with 4476 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
gitops/charts/onelab/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,25 @@
{{- define "onelab.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "onelab.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- define "onelab.labels" -}}
app.kubernetes.io/name: {{ include "onelab.name" . }}
helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | quote }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}

18
gitops/charts/onelab/templates/configmap-rabbit.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- $cfg := fromYaml (.Files.AsConfig) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: onelab-rabbit-config
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.statefulDeps | quote }}
data:
rabbit.conf: |
{{ index $cfg "rabbit.conf" | nindent 4 }}
advanced.conf: |
{{ index $cfg "advanced.conf" | nindent 4 }}
enable_plugins: |
{{ index $cfg "enable_plugins" | nindent 4 }}
definitions.json: |
{{ index $cfg "rabbit-definitions.json" | nindent 4 }}

14
gitops/charts/onelab/templates/configmap-revproxy.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- $cfg := fromYaml (.Files.AsConfig) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: onelab-revproxy
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.apps | quote }}
data:
nginx.conf: |
{{ tpl (index $cfg "nginx.conf.tpl") . | nindent 4 }}
error-404.html: |
{{ index $cfg "error-404.html" | nindent 4 }}

111
gitops/charts/onelab/templates/deployment-optional-workers.yaml Normal file
View File

@@ -0,0 +1,111 @@
{{- $root := . }}
{{- if .Values.features.ldapWorker }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ldap-worker
labels:
app.kubernetes.io/component: ldap-worker
{{- include "onelab.labels" $root | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ $root.Values.syncWaves.apps | quote }}
spec:
replicas: {{ $root.Values.replicas.ldap | default 1 }}
selector:
matchLabels:
app.kubernetes.io/component: ldap-worker
app.kubernetes.io/name: {{ include "onelab.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: ldap-worker
app.kubernetes.io/name: {{ include "onelab.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
spec:
{{- with $root.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: ldap-worker
image: {{ printf "%s/%s:%s" $root.Values.images.registry "onelab-ldap-worker" $root.Values.images.tag | quote }}
volumeMounts:
- name: configurations
mountPath: /conf/configurations.yml
subPath: configurations.yml
readOnly: true
{{- if eq $root.Values.persistence.mode "hostPath" }}
- name: logs
mountPath: /logs
{{- end }}
volumes:
- name: configurations
secret:
secretName: onelab-configurations
{{- if eq $root.Values.persistence.mode "hostPath" }}
- name: logs
hostPath:
path: {{ $root.Values.persistence.hostPath.logs }}
type: DirectoryOrCreate
{{- else }}
- name: logs
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.features.mailerWorker }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mailer-worker
labels:
app.kubernetes.io/component: mailer-worker
{{- include "onelab.labels" $root | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ $root.Values.syncWaves.apps | quote }}
spec:
replicas: {{ $root.Values.replicas.mailer | default 1 }}
selector:
matchLabels:
app.kubernetes.io/component: mailer-worker
app.kubernetes.io/name: {{ include "onelab.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: mailer-worker
app.kubernetes.io/name: {{ include "onelab.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
spec:
{{- with $root.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: mailer-worker
image: {{ printf "%s/%s:%s" $root.Values.images.registry "onelab-mailer-worker" $root.Values.images.tag | quote }}
volumeMounts:
- name: configurations
mountPath: /conf/configurations.yml
subPath: configurations.yml
readOnly: true
{{- if eq $root.Values.persistence.mode "hostPath" }}
- name: logs
mountPath: /logs
{{- end }}
volumes:
- name: configurations
secret:
secretName: onelab-configurations
{{- if eq $root.Values.persistence.mode "hostPath" }}
- name: logs
hostPath:
path: {{ $root.Values.persistence.hostPath.logs }}
type: DirectoryOrCreate
{{- else }}
- name: logs
emptyDir: {}
{{- end }}
{{- end }}

53
gitops/charts/onelab/templates/deployment-redis.yaml Normal file
View File

@@ -0,0 +1,53 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.statefulDeps | quote }}
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: redis
image: {{ printf "%s/%s:%s" .Values.images.registry .Values.images.redis .Values.images.redisTag | quote }}
ports:
- containerPort: 6379
name: redis
{{- with .Values.redis.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: redis
labels:
{{- include "onelab.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: 6379
targetPort: redis
name: redis
selector:
app.kubernetes.io/component: redis
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

73
gitops/charts/onelab/templates/deployment-revproxy.yaml Normal file
View File

@@ -0,0 +1,73 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: revproxy
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.apps | quote }}
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: revproxy
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: revproxy
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: nginx
image: {{ printf "%s/%s:%s" .Values.images.registry .Values.images.nginx .Values.images.nginxTag | quote }}
ports:
- containerPort: 80
name: http
volumeMounts:
- name: nginx
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: nginx
mountPath: /data/error-404.html
subPath: error-404.html
- name: data
mountPath: /data
volumes:
- name: nginx
configMap:
name: onelab-revproxy
- name: data
{{- if eq .Values.persistence.mode "hostPath" }}
hostPath:
path: {{ .Values.persistence.hostPath.data }}
type: DirectoryOrCreate
{{- else }}
emptyDir: {}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: revproxy
labels:
{{- include "onelab.labels" . | nindent 4 }}
spec:
type: {{ .Values.revproxy.serviceType }}
ports:
- port: 80
targetPort: http
name: http
{{- if and (eq .Values.revproxy.serviceType "NodePort") .Values.revproxy.nodePort }}
nodePort: {{ .Values.revproxy.nodePort }}
{{- end }}
selector:
app.kubernetes.io/component: revproxy
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

13
gitops/charts/onelab/templates/secret-configurations.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- $cfg := fromYaml (.Files.AsConfig) }}
apiVersion: v1
kind: Secret
metadata:
name: onelab-configurations
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.statefulDeps | quote }}
type: Opaque
stringData:
configurations.yml: |
{{- tpl (index $cfg "configurations.gotmpl") . | nindent 4 }}

11
gitops/charts/onelab/templates/secret-postgres.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: onelab-postgres
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.postgres | quote }}
type: Opaque
stringData:
postgres-password: {{ .Values.postgresql.auth.password | quote }}

18
gitops/charts/onelab/templates/secret-rabbit-tls.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if .Values.rabbitmq.tls.embed }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.rabbitmq.tls.secretName }}
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.statefulDeps | quote }}
type: Opaque
stringData:
rabbit.crt: |
{{ .Values.rabbitmq.tls.crt | nindent 4 }}
rabbit.key: |
{{ .Values.rabbitmq.tls.key | nindent 4 }}
rabbit.fullchain.pem: |
{{ .Values.rabbitmq.tls.fullchain | nindent 4 }}
{{- end }}

18
gitops/charts/onelab/templates/service-db.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: db
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.postgres | quote }}
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: postgres
name: postgres
selector:
app.kubernetes.io/component: postgres
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

16
gitops/charts/onelab/templates/service-rabbitmq.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: rabbitmq
labels:
{{- include "onelab.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: 5671
targetPort: amqps
name: amqps
selector:
app.kubernetes.io/component: rabbitmq
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

61
gitops/charts/onelab/templates/statefulset-postgres.yaml Normal file
View File

@@ -0,0 +1,61 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: db
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.postgres | quote }}
spec:
replicas: 1
serviceName: db
selector:
matchLabels:
app.kubernetes.io/component: postgres
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: postgres
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: postgres
image: {{ printf "%s/%s:%s" .Values.images.registry .Values.images.postgres .Values.images.postgresTag | quote }}
ports:
- containerPort: 5432
name: postgres
env:
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_DB
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: onelab-postgres
key: postgres-password
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
{{- with .Values.postgresql.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.postgres.size | quote }}

80
gitops/charts/onelab/templates/statefulset-rabbitmq.yaml Normal file
View File

@@ -0,0 +1,80 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: rabbitmq
labels:
{{- include "onelab.labels" . | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ .Values.syncWaves.statefulDeps | quote }}
spec:
replicas: 1
serviceName: rabbitmq
selector:
matchLabels:
app.kubernetes.io/component: rabbitmq
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: rabbitmq
app.kubernetes.io/name: {{ include "onelab.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
hostname: onelab
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: rabbitmq
image: {{ printf "%s/%s:%s" .Values.images.registry .Values.images.rabbitmq .Values.images.rabbitmqTag | quote }}
ports:
- containerPort: 5671
name: amqps
volumeMounts:
- name: rabbit-data
mountPath: /var/lib/rabbitmq/mnesia
- name: rabbit-config
mountPath: /etc/rabbitmq/rabbitmq.conf
subPath: rabbit.conf
- name: rabbit-config
mountPath: /etc/rabbitmq/advanced.conf
subPath: advanced.conf
- name: rabbit-config
mountPath: /etc/rabbitmq/enabled_plugins
subPath: enable_plugins
- name: rabbit-config
mountPath: /opt/definitions.json
subPath: definitions.json
- name: rabbit-tls
mountPath: /etc/rabbitmq/ssl/rabbit.crt
subPath: rabbit.crt
- name: rabbit-tls
mountPath: /etc/rabbitmq/ssl/rabbit.key
subPath: rabbit.key
- name: rabbit-tls
mountPath: /etc/rabbitmq/ssl/rabbit.fullchain.pem
subPath: rabbit.fullchain.pem
{{- with .Values.rabbitmq.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumes:
- name: rabbit-config
configMap:
name: onelab-rabbit-config
- name: rabbit-tls
secret:
secretName: {{ .Values.rabbitmq.tls.secretName }}
volumeClaimTemplates:
- metadata:
name: rabbit-data
spec:
accessModes: ["ReadWriteOnce"]
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.rabbitmq.size | quote }}

116
gitops/charts/onelab/templates/workloads.yaml Normal file
View File

@@ -0,0 +1,116 @@
{{- $root := . }}
{{- range .Values.workloads }}
{{- $n := .replicas | default 1 | int }}
{{- if and .replicaKey (hasKey $root.Values.replicas .replicaKey) }}
{{- $n = index $root.Values.replicas .replicaKey | int }}
{{- end }}
{{- $vols := or .config (not (empty .mounts)) }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .name }}
labels:
app.kubernetes.io/component: {{ .name }}
{{- include "onelab.labels" $root | nindent 4 }}
annotations:
argocd.argoproj.io/sync-wave: {{ $root.Values.syncWaves.apps | quote }}
spec:
replicas: {{ $n }}
selector:
matchLabels:
app.kubernetes.io/component: {{ .name }}
app.kubernetes.io/name: {{ include "onelab.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/component: {{ .name }}
app.kubernetes.io/name: {{ include "onelab.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
spec:
{{- with $root.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .name }}
image: {{ printf "%s/%s:%s" $root.Values.images.registry .image $root.Values.images.tag | quote }}
{{- if .port }}
ports:
- containerPort: {{ .port }}
name: http
{{- end }}
{{- if and .website (not $root.Values.website.ssr) }}
env:
- name: RENDERING_MODE
value: "no-ssr"
{{- end }}
{{- if $vols }}
volumeMounts:
{{- if .config }}
- name: configurations
mountPath: /conf/configurations.yml
subPath: configurations.yml
readOnly: true
{{- end }}
{{- if has "logs" .mounts }}
- name: logs
mountPath: /logs
{{- end }}
{{- if has "data" .mounts }}
- name: data
mountPath: /data
{{- end }}
{{- if has "shared" .mounts }}
- name: data
mountPath: /shared-inputs
subPath: shared/inputs
- name: data
mountPath: /shared-archived
subPath: shared/archived
{{- end }}
{{- end }}
{{- if $vols }}
volumes:
{{- if .config }}
- name: configurations
secret:
secretName: onelab-configurations
{{- end }}
{{- if eq $root.Values.persistence.mode "hostPath" }}
{{- if has "logs" .mounts }}
- name: logs
hostPath:
path: {{ $root.Values.persistence.hostPath.logs }}
type: DirectoryOrCreate
{{- end }}
{{- if or (has "data" .mounts) (has "shared" .mounts) }}
- name: data
hostPath:
path: {{ $root.Values.persistence.hostPath.data }}
type: DirectoryOrCreate
{{- end }}
{{- end }}
{{- end }}
{{- if and .port (gt (int .port) 0) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ .name }}
labels:
app.kubernetes.io/component: {{ .name }}
{{- include "onelab.labels" $root | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .port }}
targetPort: http
name: http
selector:
app.kubernetes.io/component: {{ .name }}
app.kubernetes.io/name: {{ include "onelab.name" $root }}
app.kubernetes.io/instance: {{ $root.Release.Name }}
{{- end }}
{{- end }}