siderolabs
diff --git a/‎charts/image-factory/.helmignore‎ b/‎charts/image-factory/.helmignore‎
diff --git a/‎charts/image-factory/Chart.yaml‎
Lines changed: 10 additions & 0 deletions b/‎charts/image-factory/Chart.yaml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎charts/image-factory/templates/NOTES.txt‎
Lines changed: 12 additions & 0 deletions b/‎charts/image-factory/templates/NOTES.txt‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎charts/image-factory/templates/_helpers.tpl‎
Lines changed: 66 additions & 0 deletions b/‎charts/image-factory/templates/_helpers.tpl‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎charts/image-factory/templates/deployment.yaml‎
Lines changed: 193 additions & 0 deletions b/‎charts/image-factory/templates/deployment.yaml‎
Lines changed: 193 additions & 0 deletions
diff --git a/‎charts/image-factory/templates/ingress.yaml‎
Lines changed: 62 additions & 0 deletions b/‎charts/image-factory/templates/ingress.yaml‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎charts/image-factory/templates/secret.yaml‎
Lines changed: 16 additions & 0 deletions b/‎charts/image-factory/templates/secret.yaml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎charts/image-factory/templates/service.yaml‎
Lines changed: 21 additions & 0 deletions b/‎charts/image-factory/templates/service.yaml‎
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,10 @@
+apiVersion: v2
+type: application
+name: image-factory
+description: |
+  A service to generate Talos boot assets.
+home: https://github.com/siderolabs/image-factory
+version: 0.0.0-alpha.1
+appVersion: "v0.8.4"
+sources:
+  - https://github.com/siderolabs/image-factory
@@ -0,0 +1,12 @@
+Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "imageFactory.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:{{ .Values.service.port }}
+{{- end }}
@@ -0,0 +1,66 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "imageFactory.name" -}}
+    {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "imageFactory.fullname" -}}
+    {{- if .Values.fullnameOverride }}
+        {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+    {{- else }}
+        {{- $name := default .Chart.Name .Values.nameOverride }}
+        {{- if contains $name .Release.Name }}
+            {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+        {{- else }}
+            {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+        {{- end }}
+    {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "imageFactory.chart" -}}
+    {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "imageFactory.labels" -}}
+helm.sh/chart: {{ include "imageFactory.chart" . }}
+{{ include "imageFactory.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "imageFactory.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "imageFactory.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "imageFactory.serviceAccountName" -}}
+    {{- if .Values.serviceAccount.create }}
+        {{- default (include "imageFactory.fullname" .) .Values.serviceAccount.name }}
+    {{- else }}
+        {{- default "default" .Values.serviceAccount.name }}
+    {{- end }}
+{{- end }}
+
+{{/*
+Create secret name used for configuring imageFactory.
+*/}}
+{{- define "imageFactory.secret" -}}
+    {{- default (printf "%s" (include "imageFactory.fullname" .)) .Values.secret.name }}
+{{- end }}
@@ -0,0 +1,193 @@
+{{- $replicaCount := int (.Values.replicaCount | default 1) }}
+{{- $cacheRepository := .Values.config.cacheRepository | required ".Values.config.cacheRepository is required." }}
+{{- $schematicServiceRepository := .Values.config.schematicServiceRepository | required ".Values.config.schematicServiceRepository is required." }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "imageFactory.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "imageFactory.labels" . | nindent 4 }}
+spec:
+  serviceName: {{ include "imageFactory.fullname" . }}
+  replicas: {{ $replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "imageFactory.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "imageFactory.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "imageFactory.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      volumes:
+        - name: secret
+          secret:
+            secretName: {{ include "imageFactory.secret" . }}
+      containers:
+        - name: image-factory
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          args:
+            - -cache-repository={{ $cacheRepository }}
+            - -cache-signing-key-path=/opt/image-factory/cache-signing-key.pem
+            - -http-port=:8080
+            - -schematic-service-repository={{ $schematicServiceRepository }}
+            {{- with .Values.config }}
+            {{- if .assetBuilderMaxConcurrency }}
+            - -asset-builder-max-concurrency={{ .assetBuilderMaxConcurrency }}
+            {{- end }}
+            {{- if .cacheCdnEnabled }}
+            - -cache-cdn-enabled
+            {{- end }}
+            {{- if .cacheCdnHost }}
+            - -cache-cdn-host={{ .cacheCdnHost }}
+            {{- end }}
+            {{- if .cacheCdnTrimPrefix }}
+            - -cache-cdn-trim-prefix={{ .cacheCdnTrimPrefix }}
+            {{- end }}
+            {{- if .cacheS3Bucket }}
+            - -cache-s3-bucket={{ .cacheS3Bucket }}
+            {{- end }}
+            {{- if .cacheS3Enabled }}
+            - -cache-s3-enabled
+            {{- end }}
+            {{- if .cacheS3Endpoint }}
+            - -cache-s3-endpoint={{ .cacheS3Endpoint }}
+            {{- end }}
+            {{- if .cacheS3Region }}
+            - -cache-s3-region={{ .cacheS3Region }}
+            {{- end }}
+            {{- if .containerSignatureDisabled }}
+            - -container-signature-disabled
+            {{- end }}
+            {{- if .containerSignatureIssuer }}
+            - -container-signature-issuer={{ .containerSignatureIssuer }}
+            {{- end }}
+            {{- if .containerSignatureIssuerRegexp }}
+            - -container-signature-issuer-regexp={{ .containerSignatureIssuerRegexp }}
+            {{- end }}
+            {{- if .containerSignaturePubkey }}
+            - -container-signature-pubkey={{ .containerSignaturePubkey }}
+            {{- end }}
+            {{- if .containerSignaturePubkeyHashalgo }}
+            - -container-signature-pubkey-hashalgo={{ .containerSignaturePubkeyHashalgo }}
+            {{- end }}
+            {{- if .containerSignatureSubjectRegexp }}
+            - -container-signature-subject-regexp={{ .containerSignatureSubjectRegexp }}
+            {{- end }}
+            {{- if .externalPxeUrl }}
+            - -external-pxe-url={{ .externalPxeUrl }}
+            {{- end }}
+            {{- if .externalUrl }}
+            - -external-url={{ .externalUrl }}
+            {{- end }}
+            {{- if .imageRegistry }}
+            - -image-registry={{ .imageRegistry }}
+            {{- end }}
+            {{- if .insecureCacheRepository }}
+            - -insecure-cache-repository
+            {{- end }}
+            {{- if .insecureCacheS3 }}
+            - -insecure-cache-s3
+            {{- end }}
+            {{- if .insecureImageRegistry }}
+            - -insecure-image-registry
+            {{- end }}
+            {{- if .insecureInstallerInternalRepository }}
+            - -insecure-installer-internal-repository
+            {{- end }}
+            {{- if .insecureSchematicServiceRepository }}
+            - -insecure-schematic-service-repository
+            {{- end }}
+            {{- if .installerExternalRepository }}
+            - -installer-external-repository={{ .installerExternalRepository }}
+            {{- end }}
+            {{- if .installerInternalRepository }}
+            - -installer-internal-repository={{ .installerInternalRepository }}
+            {{- end }}
+            {{- if .logLevel }}
+            - -log-level={{ .logLevel }}
+            {{- end }}
+            {{- if .metricsListenAddr }}
+            - -metrics-listen-addr={{ .metricsListenAddr }}
+            {{- end }}
+            {{- if .minTalosVersion }}
+            - -min-talos-version={{ .minTalosVersion }}
+            {{- end }}
+            {{- if .registryRefreshInterval }}
+            - -registry-refresh-interval={{ .registryRefreshInterval }}
+            {{- end }}
+            {{- if .secureboot }}
+            - -secureboot
+            {{- end }}
+            {{- if .securebootAwsCertPath }}
+            - -secureboot-aws-cert-path={{ .securebootAwsCertPath }}
+            {{- end }}
+            {{- if .securebootAwsKmsIdKeyId }}
+            - -secureboot-aws-kms-id-key-id={{ .securebootAwsKmsIdKeyId }}
+            {{- end }}
+            {{- if .securebootAwsPcrKmsKeyId }}
+            - -secureboot-aws-pcr-kms-key-id={{ .securebootAwsPcrKmsKeyId }}
+            {{- end }}
+            {{- if .securebootAwsRegion }}
+            - -secureboot-aws-region={{ .securebootAwsRegion }}
+            {{- end }}
+            {{- if .securebootAzureCertificateName }}
+            - -secureboot-azure-certificate-name={{ .securebootAzureCertificateName }}
+            {{- end }}
+            {{- if .securebootAzureKeyName }}
+            - -secureboot-azure-key-name={{ .securebootAzureKeyName }}
+            {{- end }}
+            {{- if .securebootAzureKeyVaultUrl }}
+            - -secureboot-azure-key-vault-url={{ .securebootAzureKeyVaultUrl }}
+            {{- end }}
+            {{- if .securebootPcrKeyPath }}
+            - -secureboot-pcr-key-path={{ .securebootPcrKeyPath }}
+            {{- end }}
+            {{- if .securebootSigningCertPath }}
+            - -secureboot-signing-cert-path={{ .securebootSigningCertPath }}
+            {{- end }}
+            {{- if .securebootSigningKeyPath }}
+            - -secureboot-signing-key-path={{ .securebootSigningKeyPath }}
+            {{- end }}
+            {{- if .talosVersionsRecheckInterval }}
+            - -talos-versions-recheck-interval={{ .talosVersionsRecheckInterval }}
+            {{- end }}
+            {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: api
+              containerPort: 8080
+              protocol: TCP
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: secret
+              mountPath: /opt/image-factory
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
@@ -0,0 +1,62 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "imageFactory.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+    {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "imageFactory.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      {{ with .secretName }}
+      secretName: {{ . }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.host | quote }}
+      http:
+        paths:
+          {{- range .Values.ingress.paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+{{- end }}
@@ -0,0 +1,16 @@
+{{- if .Values.secret.create -}}
+{{- $key := default (genPrivateKey "ecdsa") .Values.secret.cacheSigningKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "imageFactory.secret" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "imageFactory.labels" . | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
+type: Opaque
+stringData:
+  cache-signing-key.pem: |
+    {{- $key | nindent 4 }}
+{{- end }}
@@ -0,0 +1,21 @@
+{{- $svcPort := .Values.service.port | default 80 -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "imageFactory.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "imageFactory.labels" . | nindent 4 }}
+  {{- with .Values.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.type | default "ClusterIP" }}
+  ports:
+    - port: {{ $svcPort }}
+      targetPort: api
+      protocol: TCP
+      name: api
+  selector:
+    {{- include "imageFactory.selectorLabels" . | nindent 4 }}