drunk.charts

Drunk-lib Library Chart Reference

The drunk-lib Helm chart library provides a comprehensive collection of reusable templates for Kubernetes applications. It serves as the foundation for the drunk-app chart and can be used by any Helm chart that needs standardized, production-ready Kubernetes resources.

Table of Contents

Overview

Purpose

Drunk-lib eliminates the need to write repetitive Kubernetes resource templates by providing:

Key Benefits

Architecture

Library Chart Structure

drunk-lib/
├── Chart.yaml                 # Chart metadata (type: library)
├── values.yaml               # Default configuration values
└── templates/
    ├── _helpers.tpl          # Helper functions and labels
    ├── _deployment.tpl       # Deployment template
    ├── _statefulset.tpl      # StatefulSet template
    ├── _service.tpl          # Service template
    ├── _ingress.tpl          # Ingress template
    ├── _gateway.tpl          # Gateway API Gateway template
    ├── _httproute.tpl        # Gateway API HTTPRoute template
    ├── _configMap.tpl        # ConfigMap template
    ├── _secrets.tpl          # Secret template
    ├── _secretprovider.tpl   # Azure Key Vault SecretProviderClass
    ├── _serviceAccount.tpl   # ServiceAccount template
    ├── _volumes.tpl          # PersistentVolumeClaim templates
    ├── _cronjob.tpl          # CronJob template
    ├── _job.tpl              # Job template
    ├── _hpa.tpl              # HorizontalPodAutoscaler template
    └── _tls-secrets.tpl      # TLS Secret template

Template Naming Convention

All templates follow the naming pattern: drunk-lib.<resource-type>

Examples:

Available Templates

Core Resources

Template Purpose Template Name
Deployment Standard application deployment drunk-lib.deployment
StatefulSet Stateful application deployment drunk-lib.statefulSet
Service Service discovery and load balancing drunk-lib.service
Ingress External access routing (traditional) drunk-lib.ingress
Gateway External access via Gateway API drunk-lib.gateway
HTTPRoute HTTP routing rules for Gateway API drunk-lib.httpRoute

Configuration Resources

Template Purpose Template Name
ConfigMap Application configuration drunk-lib.configMap
Secret Sensitive configuration drunk-lib.secrets
SecretProviderClass Azure Key Vault integration drunk-lib.secretProvider
TLS Secret TLS certificate storage drunk-lib.tlsSecrets

Storage Resources

Template Purpose Template Name
PersistentVolumeClaim Persistent storage drunk-lib.volumes

Batch Resources

Template Purpose Template Name
CronJob Scheduled jobs drunk-lib.cronJobs
Job One-time jobs drunk-lib.jobs

Scaling & Security

Template Purpose Template Name
HPA Horizontal Pod Autoscaler drunk-lib.hpa
ServiceAccount Pod identity drunk-lib.serviceAccount
ImagePullSecret Registry authentication drunk-lib.imagePullSecret
NetworkPolicy Network access control drunk-lib.networkPolicies

Template Reference

Helper Templates

app.name

Returns the application name based on chart name or nameOverride.

app.fullname

Returns the full application name including release name.

app.labels

Returns standard Kubernetes labels for resources.

labels:

app.selectorLabels

Returns selector labels for matching pods.

selector:
  matchLabels:

Deployment Template

Template: drunk-lib.deployment

Creates a Kubernetes Deployment with comprehensive configuration options.

Key Features:

Configuration:

deployment:
  enabled: true
  replicaCount: 1
  command: []
  args: []
  ports:
    http: 8080
    https: 8443
  liveness: "/health"
  readiness: "/ready"
  podAnnotations: {}
  
global:
  image: "myapp/image"
  tag: "latest"
  imagePullPolicy: "IfNotPresent"
  imagePullSecret: "registry-secret"

resources:
  limits:
    cpu: 500m
    memory: 512Mi
  requests:
    cpu: 100m
    memory: 128Mi

StatefulSet Template

Template: drunk-lib.statefulSet

Creates a Kubernetes StatefulSet for stateful applications.

Configuration:

statefulset:
  enabled: true
  serviceName: "my-stateful-service"
  volumeClaimTemplates:
    - name: "data"
      storage: "10Gi"
      storageClassName: "fast-ssd"
      accessModes: ["ReadWriteOnce"]

Service Template

Template: drunk-lib.service

Creates a Kubernetes Service for pod discovery and load balancing.

Configuration:

service:
  type: "ClusterIP"  # ClusterIP, NodePort, LoadBalancer
  ports:
    - name: "http"
      port: 80
      targetPort: 8080

ConfigMap Template

Template: drunk-lib.configMap

Creates a ConfigMap for application configuration.

Configuration:

configMap:
  app.properties: |
    server.port=8080
    logging.level=INFO
  config.json: |
    {"feature": "enabled"}

# Reference external ConfigMaps
configFrom:
  - "shared-config"
  - "environment-config"

Secrets Template

Template: drunk-lib.secrets

Creates a Secret for sensitive configuration.

Configuration:

secrets:
  DATABASE_PASSWORD: "secret-password"
  API_KEY: "your-api-key"

# Reference external Secrets
secretFrom:
  - "database-credentials"
  - "api-keys"

SecretProviderClass Template

Template: drunk-lib.secretProvider

Creates a SecretProviderClass for Azure Key Vault integration using the Secrets Store CSI driver.

Configuration:

secretProvider:
  enabled: true
  name: "my-key-vault-spc"
  tenantId: "your-tenant-id"
  vaultName: "your-key-vault"
  usePodIdentity: false
  useWorkloadIdentity: true
  objects:
    - objectName: "database-password"
      objectType: "secret"
    - objectName: "api-certificate"
      objectType: "cert"
  secretObjects:
    - secretName: "app-secrets"
      type: "Opaque"
      data:
        - key: "DATABASE_PASSWORD"
          objectName: "database-password"

CronJob Template

Template: drunk-lib.cronJobs

Creates CronJob resources for scheduled tasks.

Configuration:

cronJobs:
  - name: "backup"
    schedule: "0 2 * * *"
    command: ["/app/backup.sh"]
    args: ["--verbose"]
    restartPolicy: "OnFailure"
    concurrencyPolicy: "Forbid"
  - name: "cleanup"
    schedule: "0 4 * * 0"
    command: ["/app/cleanup.sh"]

Job Template

Template: drunk-lib.jobs

Creates Job resources for one-time tasks.

Configuration:

jobs:
  - name: "migration"
    command: ["/app/migrate.sh"]
    args: ["--force"]
    restartPolicy: "Never"

Volumes Template

Template: drunk-lib.volumes

Creates PersistentVolumeClaim resources for storage.

Configuration:

volumes:
  data:
    size: "10Gi"
    storageClass: "fast-ssd"
    accessMode: "ReadWriteOnce"
    mountPath: "/app/data"
  logs:
    size: "5Gi"
    mountPath: "/var/log/app"
    readOnly: false
  # EmptyDir volumes
  tmp:
    mountPath: "/tmp"
    emptyDir: true

Ingress Template

Template: drunk-lib.ingress

Creates Ingress resources for external access.

Configuration:

ingress:
  enabled: true
  className: "nginx"
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: "/"
  hosts:
    - host: "myapp.example.com"
      paths:
        - path: "/"
          pathType: "Prefix"
          port: 8080
  tls:
    - secretName: "myapp-tls"
      hosts:
        - "myapp.example.com"

HPA Template

Template: drunk-lib.hpa

Creates HorizontalPodAutoscaler for automatic scaling.

Configuration:

autoscaling:
  enabled: true
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
  targetMemoryUtilizationPercentage: 80

NetworkPolicy Template

Template: drunk-lib.networkPolicies

Creates NetworkPolicy resources to control network access to pods. Supports both legacy single policy and modern multiple policies configurations.

Note: Requires a CNI plugin that supports NetworkPolicy (e.g., Calico, Cilium, Weave Net).

Legacy Single Policy Configuration:

networkPolicy:
  policyTypes:
    - Ingress
  podSelector:
    app: my-app
  ingress:
    - from:
      - podSelector:
          matchLabels:
            app: frontend
      ports:
      - protocol: TCP
        port: 8080

networkPolicies:
  # Allow traffic from private IP ranges
  - name: allow-private-ips
    enabled: true
    policyTypes:
      - Ingress
    ingress:
      - from:
        - ipBlock:
            cidr: 10.0.0.0/8
        - ipBlock:
            cidr: 172.16.0.0/12
        - ipBlock:
            cidr: 192.168.0.0/16
        ports:
        - protocol: TCP
          port: 8080
  
  # Allow traffic from same namespace
  - name: allow-same-namespace
    enabled: true
    policyTypes:
      - Ingress
    ingress:
      - from:
        - podSelector: {}
  
  # Restrict egress to specific services
  - name: allow-egress-database
    enabled: true
    policyTypes:
      - Egress
    egress:
      - to:
        - podSelector:
            matchLabels:
              app: postgres
        ports:
        - protocol: TCP
          port: 5432

Configuration Options:

Parameter Description Default
name Policy name Required
enabled Enable/disable this policy true
nameSuffix Custom suffix for resource name -{name}
podSelector Pod selector (defaults to app labels) App labels
labels Additional labels {}
policyTypes Policy types (Ingress, Egress) Required
ingress Ingress rules []
egress Egress rules []

Usage Examples

Creating a Chart that Uses drunk-lib

1. Chart.yaml

apiVersion: v2
name: my-app
description: My application chart
type: application
version: 0.1.0
appVersion: "1.0"

dependencies:
  - name: drunk-lib
    version: "1.0.7"
    repository: "https://baoduy.github.io/drunk.charts/drunk-lib"

2. Template Usage

templates/deployment.yaml

templates/service.yaml

templates/configmap.yaml

3. Values Configuration

global:
  image: "myapp/image"
  tag: "v1.0.0"

deployment:
  enabled: true
  ports:
    http: 8080

configMap:
  app.properties: |
    server.port=8080
    
service:
  type: "ClusterIP"

Advanced Usage: Custom Templates

You can create custom templates that extend drunk-lib templates:

Environment-Specific Configurations

values-dev.yaml

global:
  tag: "dev"

deployment:
  replicaCount: 1

ingress:
  hosts:
    - host: "dev.myapp.example.com"

values-prod.yaml

global:
  tag: "v1.0.0"

deployment:
  replicaCount: 3

autoscaling:
  enabled: true
  minReplicas: 3
  maxReplicas: 10

ingress:
  hosts:
    - host: "myapp.example.com"
  tls:
    - secretName: "myapp-prod-tls"
      hosts:
        - "myapp.example.com"

Extending the Library

Adding New Templates

  1. Create a new template file in templates/: 
    touch templates/_myresource.tpl

  2. Define the named template: yamlapiVersion: v1 kind: MyResource metadata: name: labels: spec: # Your resource specification

  3. Document the template in this README.

Template Best Practices

  1. Naming: Use the drunk-lib. prefix for all templates
  2. Conditionals: Always check if features are enabled before rendering
  3. Defaults: Provide sensible defaults in values.yaml
  4. Documentation: Document all configuration options
  5. Testing: Add unit tests for new templates

Testing Templates

Use helm template to test template rendering:

# Test basic rendering
helm template test-release . --debug

# Test with custom values
helm template test-release . -f test-values.yaml --debug

# Test specific templates
helm template test-release . --show-only templates/deployment.yaml

Contributing

Development Setup

  1. Clone the repository
  2. Make changes to templates
  3. Test with helm template
  4. Update documentation
  5. Submit a pull request

Template Guidelines

Versioning

The library follows semantic versioning:

Changelog

v1.0.7

v1.0.6

Support

This library is the foundation of the drunk-app chart and enables consistent, production-ready deployments across all applications.