add vcluster as subchart

Author: ilia-medvedev-codefresh

charts/vcluster/.helmignore renamed to charts/cf-vcluster/.helmignore

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cf-vcluster
+description: Umbrella chart over vCluster adjusted for Codefresh use cases - mainly in Crossplane compositions
+type: application
+version: 0.28.0-0
+appVersion: "0.28.0"

charts/cf-vcluster/Chart.yaml

@@ -0,0 +1,36 @@
+# cf-vcluster
+
+![Version: 0.28.0-0](https://img.shields.io/badge/Version-0.28.0--0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.28.0](https://img.shields.io/badge/AppVersion-0.28.0-informational?style=flat-square)
+
+Umbrella chart over vCluster adjusted for Codefresh use cases - mainly in Crossplane compositions
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.loft.sh | vcluster | 0.28.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| ingress.internal.annotations | object | `{}` |  |
+| ingress.internal.backendService | object | `{}` | Possibility to override backend service name for ingress. If not set default vcluster backend service will be used |
+| ingress.internal.enabled | bool | `false` |  |
+| ingress.internal.host.domain | string | `"example.com"` |  |
+| ingress.internal.host.name | string | `"{{ .Release.Name }}"` |  |
+| ingress.internal.ingressClassName | string | `"nginx-internal"` |  |
+| ingress.public.annotations | object | `{}` |  |
+| ingress.public.backendService | object | `{}` | Possibility to override backend service name for ingress. If not set default vcluster backend service will be used |
+| ingress.public.enabled | bool | `false` |  |
+| ingress.public.host.domain | string | `"example.com"` |  |
+| ingress.public.host.name | string | `"{{ .Release.Name }}"` |  |
+| ingress.public.ingressClassName | string | `"nginx-public"` |  |
+| vcluster.controlPlane.distro.k8s.apiServer.extraArgs[0] | string | `"--oidc-issuer-url=https://dexidp.shared-services.cf-infra.com"` |  |
+| vcluster.controlPlane.distro.k8s.apiServer.extraArgs[1] | string | `"--oidc-client-id=vcluster-login"` |  |
+| vcluster.controlPlane.distro.k8s.apiServer.extraArgs[2] | string | `"--oidc-username-claim=email"` |  |
+| vcluster.controlPlane.distro.k8s.apiServer.extraArgs[3] | string | `"--oidc-groups-claim=groups"` |  |
+| vcluster.controlPlane.distro.k8s.enabled | bool | `true` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.9.1](https://github.com/norwoodj/helm-docs/releases/v1.9.1)

charts/cf-vcluster/README.md

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/cf-vcluster/charts/vcluster/.helmignore

@@ -0,0 +1,26 @@
+apiVersion: v2
+appVersion: 0.28.0
+description: vcluster - Virtual Kubernetes Clusters
+home: https://vcluster.com
+icon: https://static.loft.sh/branding/logos/vcluster/vertical/vcluster_vertical.svg
+keywords:
+- developer
+- development
+- sharing
+- share
+- multi-tenancy
+- tenancy
+- cluster
+- space
+- namespace
+- vcluster
+- vclusters
+maintainers:
+- email: [email protected]
+  name: Loft Labs, Inc.
+  url: https://twitter.com/loft_sh
+name: vcluster
+sources:
+- https://github.com/loft-sh/vcluster
+type: application
+version: 0.28.0

charts/cf-vcluster/charts/vcluster/Chart.yaml

@@ -0,0 +1,64 @@
+
+# vcluster
+
+## **[GitHub](https://github.com/loft-sh/vcluster)** • **[Website](https://www.vcluster.com)** • **[Quickstart](https://www.vcluster.com/docs/getting-started/setup)** • **[Documentation](https://www.vcluster.com/docs/what-are-virtual-clusters)** • **[Blog](https://loft.sh/blog)** • **[Twitter](https://twitter.com/loft_sh)** • **[Slack](https://slack.loft.sh/)**
+
+Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.
+
+## Prerequisites
+
+- Kubernetes 1.18+
+- Helm 3.10.0+
+
+## Get Helm Repository Info
+
+```bash
+helm repo add loft-sh https://charts.loft.sh
+helm repo update
+```
+
+See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation.
+
+## Install Helm Chart
+
+```bash
+helm upgrade [RELEASE_NAME] loft-sh/vcluster -n [RELEASE_NAMESPACE] --create-namespace --install
+```
+
+See [vcluster docs](https://vcluster.com/docs) for configuration options.
+
+See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation.
+
+## Connect to the vcluster
+
+In order to connect to the installed vcluster, please install [vcluster cli](https://www.vcluster.com/docs/getting-started/setup) and run:
+
+```bash
+vcluster connect [RELEASE_NAME] -n [RELEASE_NAMESPACE]
+```
+
+## Uninstall Helm Chart
+
+```bash
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation.
+
+### Why Virtual Kubernetes Clusters?
+
+- **Cluster Scoped Resources**: much more powerful than simple namespaces (virtual clusters allow users to use CRDs, namespaces, cluster roles etc.)
+- **Ease of Use**: usable in any Kubernetes cluster and created in seconds either via a single command or [cluster-api](https://github.com/loft-sh/cluster-api-provider-vcluster)
+- **Cost Efficient**: much cheaper and efficient than "real" clusters (single pod and shared resources just like for namespaces)
+- **Lightweight**: built upon the ultra-fast k3s distribution with minimal overhead per virtual cluster (other distributions work as well)
+- **Strict isolation**: complete separate Kubernetes control plane and access point for each vcluster while still being able to share certain services of the underlying host cluster
+- **Cluster Wide Permissions**: allow users to install apps which require cluster-wide permissions while being limited to actually just one namespace within the host cluster
+- **Great for Testing**: allow you to test different Kubernetes versions inside a single host cluster which may have a different version than the virtual clusters
+
+Learn more on [www.vcluster.com](https://vcluster.com).
+
+![vcluster Intro](https://github.com/loft-sh/vcluster/raw/main/docs/static/media/vcluster-comparison.png)
+
+Learn more in the [documentation](https://vcluster.com/docs/what-are-virtual-clusters).

charts/cf-vcluster/charts/vcluster/README.md

@@ -0,0 +1,36 @@
+{{/*
+  is deploy etcd enabled?
+*/}}
+{{- define "vcluster.database.embedded.enabled" -}}
+{{- $backingStores := 0 -}}
+{{- if .Values.controlPlane.backingStore.etcd.embedded.enabled -}}
+{{- $backingStores = add1 $backingStores -}}
+{{- end -}}
+{{- if .Values.controlPlane.backingStore.etcd.deploy.enabled -}}
+{{- $backingStores = add1 $backingStores -}}
+{{- end -}}
+{{- if .Values.controlPlane.backingStore.etcd.external.enabled -}}
+{{- $backingStores = add1 $backingStores -}}
+{{- end -}}
+{{- if .Values.controlPlane.backingStore.database.embedded.enabled -}}
+{{- $backingStores = add1 $backingStores -}}
+{{- end -}}
+{{- if .Values.controlPlane.backingStore.database.external.enabled -}}
+{{- $backingStores = add1 $backingStores -}}
+{{- end -}}
+{{- if gt $backingStores 1 -}}
+{{- fail "you can only enable one backingStore at the same time" -}}
+{{- else if or (eq $backingStores 0) .Values.controlPlane.backingStore.database.embedded.enabled -}}
+{{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+  migrate from deployed etcd?
+*/}}
+{{- define "vcluster.etcd.embedded.migrate" -}}
+{{- if and .Values.controlPlane.backingStore.etcd.embedded.enabled .Values.controlPlane.backingStore.etcd.embedded.migrateFromDeployedEtcd -}}
+{{- true -}}
+{{- end -}}
+{{- end -}}
+

charts/cf-vcluster/charts/vcluster/templates/_backingstore.tpl

@@ -0,0 +1,27 @@
+{{- define "vcluster.distro.env" -}}
+{{- if and (eq (include "vcluster.distro" .) "k3s") .Values.controlPlane.distro.k3s.env -}}
+{{ toYaml .Values.controlPlane.distro.k3s.env }}
+{{- else if and (eq (include "vcluster.distro" .) "k8s") .Values.controlPlane.distro.k8s.env -}}
+{{ toYaml .Values.controlPlane.distro.k8s.env }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+  vCluster Distro
+*/}}
+{{- define "vcluster.distro" -}}
+{{- $distros := 0 -}}
+{{- if .Values.controlPlane.distro.k3s.enabled -}}
+k3s
+{{- $distros = add1 $distros -}}
+{{- end -}}
+{{- if .Values.controlPlane.distro.k8s.enabled -}}
+k8s
+{{- $distros = add1 $distros -}}
+{{- end -}}
+{{- if eq $distros 0 -}}
+k8s
+{{- else if gt $distros 1 -}}
+{{- fail "you can only enable one distro at the same time" -}}
+{{- end -}}
+{{- end -}}

charts/cf-vcluster/charts/vcluster/templates/_distro.tpl

@@ -0,0 +1,37 @@
+{{- define "vcluster.exportKubeConfig.validate" }}
+{{- /*
+  Verify that exportKubeConfig.secret and exportKubeConfig.additionalSecrets are
+  not set at the same time.
+*/}}
+{{- $secretSet := false }}
+{{- if .Values.exportKubeConfig.secret }}
+{{- $secretSet = or (.Values.exportKubeConfig.secret.name | trim | ne "") (.Values.exportKubeConfig.secret.namespace | trim | ne "") }}
+{{- end }}
+{{- $additionalSecretsSet := false }}
+{{- if .Values.exportKubeConfig.additionalSecrets }}
+{{- $additionalSecretsSet = gt (len .Values.exportKubeConfig.additionalSecrets) 0 }}
+{{- end }}
+{{- if and $secretSet $additionalSecretsSet }}
+{{- fail "exportKubeConfig.secret and exportKubeConfig.additionalSecrets cannot be set at the same time" }}
+{{- end }}
+{{- /*
+  Verify that additional secrets have name or namespace set.
+*/}}
+{{- range $_, $additionalSecret := .Values.exportKubeConfig.additionalSecrets }}
+{{- $nameSet := false }}
+{{- $namespaceSet := false }}
+{{- if $additionalSecret.name }}
+{{- if $additionalSecret.name | trim | ne "" }}
+{{- $nameSet = true }}
+{{- end }}
+{{- end }}
+{{- if $additionalSecret.namespace }}
+{{- if $additionalSecret.namespace | trim | ne "" }}
+{{- $namespaceSet = true }}
+{{- end }}
+{{- end }}
+{{- if not (or $nameSet $namespaceSet) }}
+{{- fail (cat "additional secret must have name and/or namespace set, found:" (toJson $additionalSecret)) }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/cf-vcluster/charts/vcluster/templates/_exportKubeConfig.tpl

@@ -0,0 +1,17 @@
+{{- define "vcluster.controlPlane.image" -}}
+{{- $tag := .Chart.Version -}}
+{{- if .Values.controlPlane.statefulSet.image.tag -}}
+{{- $tag = .Values.controlPlane.statefulSet.image.tag -}}
+{{- end -}}
+{{- include "vcluster.image" (dict "defaultImageRegistry" .Values.controlPlane.advanced.defaultImageRegistry "tag" $tag "registry" .Values.controlPlane.statefulSet.image.registry "repository" .Values.controlPlane.statefulSet.image.repository) -}}
+{{- end -}}
+
+{{- define "vcluster.image" -}}
+{{- if .defaultImageRegistry -}}
+{{ .defaultImageRegistry }}/{{ .repository }}:{{ .tag }}
+{{- else if .registry -}}
+{{ .registry }}/{{ .repository }}:{{ .tag }}
+{{- else -}}
+{{ .repository }}:{{ .tag }}
+{{- end -}}
+{{- end -}}