[Experiment] helm lint --strict compliance - not fully there

jupyterhub/templates/_helpers.tpl

@@ -91,7 +91,6 @@
 {{ .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
-
 {{- /*
   jupyterhub.componentLabel:
     Used by "jupyterhub.labels" and "jupyterhub.nameField".
@@ -105,8 +104,8 @@
 {{- define "jupyterhub.componentLabel" -}}
 {{- $file := .Template.Name | base | trimSuffix ".yaml" -}}
 {{- $parent := .Template.Name | dir | base | trimPrefix "templates" -}}
-{{- $component := .componentLabel | default $parent | default $file -}}
-{{- $component := print (.componentPrefix | default "") $component (.componentSuffix | default "") -}}
+{{- $component := .Values.componentLabel | default $parent | default $file -}}
+{{- $component := print .Values.componentPrefix $component .Values.componentSuffix -}}
 {{ $component }}
 {{- end }}
 
@@ -122,7 +121,7 @@
         .Values to allow for multiple deployments within a single namespace.
 */}}
 {{- define "jupyterhub.nameField" -}}
-{{- $name := print (.namePrefix | default "") (include "jupyterhub.componentLabel" .) (.nameSuffix | default "") -}}
+{{- $name := print .Values.namePrefix (include "jupyterhub.componentLabel" .) .Values.nameSuffix -}}
 {{ printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -133,11 +132,11 @@
     Provides labels: app, release, (chart and heritage).
 */}}
 {{- define "jupyterhub.commonLabels" -}}
-app: {{ .appLabel | default (include "jupyterhub.appLabel" .) }}
+app: {{ .Values.appLabel | default (include "jupyterhub.appLabel" .) }}
 release: {{ .Release.Name }}
-{{- if not .matchLabels }}
+{{- if not .Values.matchLabels }}
 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-heritage: {{ .heritageLabel | default .Release.Service }}
+heritage: {{ .Values.heritageLabel | default .Release.Service }}
 {{- end }}
 {{- end }}
 
@@ -157,7 +156,7 @@ component: {{ include "jupyterhub.componentLabel" . }}
     Used to provide pod selection labels: component, app, release.
 */}}
 {{- define "jupyterhub.matchLabels" -}}
-{{- $_ := merge (dict "matchLabels" true) . -}}
+{{- $_ := merge (dict "Values" (dict "matchLabels" true)) . -}}
 {{ include "jupyterhub.labels" $_ }}
 {{- end }}
 

jupyterhub/templates/hub/deployment.yaml

@@ -41,11 +41,7 @@ spec:
             name: hub-config
         - name: secret
           secret:
-            {{- if .Values.hub.existingSecret }}
-            secretName: {{ .Values.hub.existingSecret }}
-            {{- else }}
-            secretName: hub-secret
-            {{- end }}
+            secretName: {{ .Values.hub.existingSecret | default "hub-secret" }}
         {{- if .Values.hub.extraVolumes }}
         {{- .Values.hub.extraVolumes | toYaml | trimSuffix "\n" | nindent 8 }}
         {{- end }}
@@ -145,11 +141,7 @@ spec:
             - name: JPY_COOKIE_SECRET
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.hub.existingSecret }}
-                  name: {{ .Values.hub.existingSecret }}
-                  {{- else }}
-                  name: hub-secret
-                  {{- end }}
+                  name: {{ .Values.hub.existingSecret | default "hub-secret" }}
                   key: hub.cookie-secret
             {{- end }}
             - name: POD_NAMESPACE
@@ -159,43 +151,27 @@ spec:
             - name: CONFIGPROXY_AUTH_TOKEN
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.hub.existingSecret }}
-                  name: {{ .Values.hub.existingSecret }}
-                  {{- else }}
-                  name: hub-secret
-                  {{- end }}
+                  name: {{ .Values.hub.existingSecret | default "hub-secret" }}
                   key: proxy.token
             {{- if .Values.auth.state.enabled }}
             - name: JUPYTERHUB_CRYPT_KEY
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.hub.existingSecret }}
-                  name: {{ .Values.hub.existingSecret }}
-                  {{- else }}
-                  name: hub-secret
-                  {{- end }}
+                  name: {{ .Values.hub.existingSecret | default "hub-secret" }}
                   key: auth.state.crypto-key
             {{- end }}
             {{- if .Values.hub.db.password }}
             {{- if eq .Values.hub.db.type "mysql" }}
             - name: MYSQL_PWD
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.hub.existingSecret }}
-                  name: {{ .Values.hub.existingSecret }}
-                  {{- else }}
-                  name: hub-secret
-                  {{- end }}
+                  name: {{ .Values.hub.existingSecret | default "hub-secret" }}
                   key: hub.db.password
             {{- else if eq .Values.hub.db.type "postgres" }}
             - name: PGPASSWORD
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.hub.existingSecret }}
-                  name: {{ .Values.hub.existingSecret }}
-                  {{- else }}
-                  name: hub-secret
-                  {{- end }}
+                  name: {{ .Values.hub.existingSecret | default "hub-secret" }}
                   key: hub.db.password
             {{- end }}
             {{- end }}

jupyterhub/templates/hub/image-credentials-secret.yaml

@@ -4,7 +4,7 @@ apiVersion: v1
 metadata:
   name: hub-image-credentials
   labels:
-    {{- $_ := merge (dict "componentSuffix" "-image-credentials") . }}
+    {{- $_ := merge (dict "Values" (dict "componentSuffix" "-image-credentials")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
 type: kubernetes.io/dockerconfigjson
 data:

jupyterhub/templates/hub/netpol.yaml

@@ -34,15 +34,15 @@ spec:
       to:
         - podSelector:
             matchLabels:
-              {{- $_ := merge (dict "componentLabel" "proxy") . }}
+              {{- $_ := merge (dict "Values" (dict "componentLabel" "proxy")) . }}
               {{- include "jupyterhub.matchLabels" $_ | nindent 14 }}
     # hub --> singleuser-server
     - ports:
         - port: 8888
       to:
         - podSelector:
             matchLabels:
-              {{- $_ := merge (dict "componentLabel" "singleuser-server") . }}
+              {{- $_ := merge (dict "Values" (dict "componentLabel" "singleuser-server")) . }}
               {{- include "jupyterhub.matchLabels" $_ | nindent 14 }}
 
     # hub -> Kubernetes internal DNS

jupyterhub/templates/hub/secret.yaml

@@ -11,11 +11,11 @@ data:
   {{- if .Values.hub.cookieSecret }}
   hub.cookie-secret: {{ .Values.hub.cookieSecret | b64enc | quote }}
   {{- end }}
-  {{- if .Values.hub.db.password }}
+  {{- with .Values.hub.db.password }}
   hub.db.password: {{ .Values.hub.db.password | b64enc | quote }}
   {{- end }}
   {{- if .Values.auth.state.enabled }}
-  auth.state.crypto-key: {{ (required "Encryption key is required for auth state to be persisted!" .Values.auth.state.cryptoKey) | b64enc | quote }}
+  auth.state.crypto-key: {{ .Values.auth.state.cryptoKey | required "Encryption key is required for auth state to be persisted!" | b64enc | quote }}
   {{- end }}
   {{- $values := dict "hub" dict }}
   {{- /* pluck only needed secret values, preserving values.yaml structure */ -}}

jupyterhub/templates/hub/service.yaml

@@ -11,19 +11,19 @@ metadata:
     {{- if not (index .Values.hub.service.annotations "prometheus.io/path") }}
     prometheus.io/path: {{ .Values.hub.baseUrl }}hub/metrics
     {{- end }}
-    {{- if .Values.hub.service.annotations }}
-    {{- .Values.hub.service.annotations | toYaml | nindent 4 }}
+    {{- with .Values.hub.service.annotations }}
+    {{- . | toYaml | nindent 4 }}
     {{- end }}
 spec:
   type: {{ .Values.hub.service.type }}
-  {{- if .Values.hub.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.hub.service.loadBalancerIP }}
+  {{- with .Values.hub.service.loadBalancerIP }}
+  loadBalancerIP: {{ . }}
   {{- end }}
   selector:
     {{- include "jupyterhub.matchLabels" . | nindent 4 }}
   ports:
     - port: 8081
       targetPort: http
-      {{- if .Values.hub.service.ports.nodePort }}
-      nodePort: {{ .Values.hub.service.ports.nodePort }}
+      {{- with .Values.hub.service.ports.nodePort }}
+      nodePort: {{ . }}
       {{- end }}

jupyterhub/templates/image-puller/_daemonset-helper.yaml

@@ -7,13 +7,13 @@ Returns an image-puller daemonset. Two daemonsets will be created like this.
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: {{ print .componentPrefix "image-puller" }}
+  name: {{ print .Values.componentPrefix "image-puller" }}
   labels:
     {{- include "jupyterhub.labels" . | nindent 4 }}
-    {{- if .hook }}
+    {{- if .Values.hook }}
     hub.jupyter.org/deletable: "true"
     {{- end }}
-  {{- if .hook }}
+  {{- if .Values.hook }}
   annotations:
     {{- /*
     Allows the daemonset to be deleted when the image-awaiter job is completed.
@@ -51,7 +51,7 @@ spec:
       {{- if or .Values.singleuser.imagePullSecret.enabled .Values.singleuser.image.pullSecrets }}
       imagePullSecrets:
         {{- if .Values.singleuser.imagePullSecret.enabled }}
-        - name: {{ if .hook -}} hook- {{- end -}} singleuser-image-credentials
+        - name: {{ if .Values.hook -}} hook- {{- end -}} singleuser-image-credentials
         {{ else }}
         {{- range .Values.singleuser.image.pullSecrets }}
         - name: {{ . }}

jupyterhub/templates/image-puller/daemonset.yaml

@@ -5,7 +5,7 @@ image-awaiter job confirms the required images to be pulled, the daemonset is
 deleted. Only then will the actual helm upgrade start.
 */}}
 {{- if .Values.prePuller.hook.enabled }}
-{{- $_ := merge (dict "hook" true "componentPrefix" "hook-") . }}
+{{- $_ := merge (dict "Values" (dict "hook" true "componentPrefix" "hook-")) . }}
 {{- include "jupyterhub.imagePuller.daemonset" $_ }}
 {{- end }}
 ---
@@ -15,6 +15,6 @@ that are added in between helm upgrades, for example by manually adding a node
 or by the cluster autoscaler.
 */}}
 {{- if .Values.prePuller.continuous.enabled }}
-{{- $_ := merge (dict "hook" false "componentPrefix" "continuous-") . }}
+{{- $_ := merge (dict "Values" (dict "hook" false "componentPrefix" "continuous-")) . }}
 {{ include "jupyterhub.imagePuller.daemonset" $_ }}
 {{- end }}

jupyterhub/templates/proxy/autohttps/service.yaml

@@ -14,7 +14,7 @@ metadata:
 spec:
   type: ClusterIP
   selector:
-    {{- $_ := merge (dict "componentLabel" "proxy") . }}
+    {{- $_ := merge (dict "Values" (dict "componentLabel" "proxy")) . }}
     {{- include "jupyterhub.matchLabels" $_ | nindent 4 }}
   ports:
     - port: 8000

jupyterhub/templates/proxy/deployment.yaml

@@ -91,11 +91,7 @@ spec:
             - name: CONFIGPROXY_AUTH_TOKEN
               valueFrom:
                 secretKeyRef:
-                  {{- if .Values.hub.existingSecret }}
-                  name: {{ .Values.hub.existingSecret }}
-                  {{- else }}
-                  name: hub-secret
-                  {{- end }}
+                  name: {{ .Values.hub.existingSecret | default "hub-secret" }}
                   key: proxy.token
           {{- with .Values.proxy.chp.image.pullPolicy }}
           imagePullPolicy: {{ . }}

jupyterhub/templates/proxy/netpol.yaml

@@ -49,7 +49,7 @@ spec:
       to:
         - podSelector:
             matchLabels:
-              {{- $_ := merge (dict "componentLabel" "hub") . }}
+              {{- $_ := merge (dict "Values" (dict "componentLabel" "hub")) . }}
               {{- include "jupyterhub.matchLabels" $_ | nindent 14 }}
 
     # proxy --> singleuser-server
@@ -58,7 +58,7 @@ spec:
       to:
         - podSelector:
             matchLabels:
-              {{- $_ := merge (dict "componentLabel" "singleuser-server") . }}
+              {{- $_ := merge (dict "Values" (dict "componentLabel" "singleuser-server")) . }}
               {{- include "jupyterhub.matchLabels" $_ | nindent 14 }}
 
     # proxy -> Kubernetes internal DNS

jupyterhub/templates/proxy/service.yaml

@@ -8,7 +8,7 @@ kind: Service
 metadata:
   name: proxy-api
   labels:
-    {{- $_ := merge (dict "componentSuffix" "-api") . }}
+    {{- $_ := merge (dict "Values" (dict "componentSuffix" "-api")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
 spec:
   selector:
@@ -22,7 +22,7 @@ kind: Service
 metadata:
   name: proxy-public
   labels:
-    {{- $_ := merge (dict "componentSuffix" "-public") . }}
+    {{- $_ := merge (dict "Values" (dict "componentSuffix" "-public")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
     {{- if .Values.proxy.service.labels }}
     {{- .Values.proxy.service.labels | toYaml | trimSuffix "\n" | nindent 4 }}

jupyterhub/templates/scheduling/priorityclass.yaml

@@ -4,7 +4,7 @@ kind: PriorityClass
 metadata:
   name: {{ .Release.Name }}-default-priority
   labels:
-    {{- $_ := merge (dict "componentLabel" "default-priority") . }}
+    {{- $_ := merge (dict "Values" (dict "componentLabel" "default-priority")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
   annotations:
     # PriorityClasses must be added before the other resources reference them.

jupyterhub/templates/scheduling/user-scheduler/rbac.yaml

@@ -12,7 +12,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-user-scheduler-base
   labels:
-    {{- $_ := merge (dict "componentSuffix" "-base") . }}
+    {{- $_ := merge (dict "Values" (dict "componentSuffix" "-base")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
 subjects:
   - kind: ServiceAccount
@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-user-scheduler-complementary
   labels:
-    {{- $_ := merge (dict "componentSuffix" "-complementary") . }}
+    {{- $_ := merge (dict "Values" (dict "componentSuffix" "-complementary")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
 rules:
   # Support leader elections
@@ -50,7 +50,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-user-scheduler-complementary
   labels:
-    {{- $_ := merge (dict "componentSuffix" "-complementary") . }}
+    {{- $_ := merge (dict "Values" (dict "componentSuffix" "-complementary")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
 subjects:
   - kind: ServiceAccount

jupyterhub/templates/singleuser/image-credentials-secret.yaml

@@ -4,7 +4,7 @@ apiVersion: v1
 metadata:
   name: singleuser-image-credentials
   labels:
-    {{- $_ := merge (dict "componentSuffix" "-image-credentials") . }}
+    {{- $_ := merge (dict "Values" (dict "componentSuffix" "-image-credentials")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
 type: kubernetes.io/dockerconfigjson
 data:
@@ -16,7 +16,7 @@ apiVersion: v1
 metadata:
   name: hook-singleuser-image-credentials
   labels:
-    {{- $_ := merge (dict "componentPrefix" "hook-" "componentSuffix" "-image-credentials") . }}
+    {{- $_ := merge (dict "Values" (dict "componentPrefix" "hook-" "componentSuffix" "-image-credentials")) . }}
     {{- include "jupyterhub.labels" $_ | nindent 4 }}
     hub.jupyter.org/deletable: "true"
   annotations:

jupyterhub/templates/singleuser/netpol.yaml

@@ -8,7 +8,7 @@ metadata:
 spec:
   podSelector:
     matchLabels:
-      {{- $_ := merge (dict "componentLabel" "singleuser-server") . }}
+      {{- $_ := merge (dict "Values" (dict "componentLabel" "singleuser-server")) . }}
       {{- include "jupyterhub.matchLabels" $_ | nindent 6 }}
   policyTypes:
     - Ingress
@@ -35,7 +35,7 @@ spec:
       to:
         - podSelector:
             matchLabels:
-              {{- $_ := merge (dict "componentLabel" "hub") . }}
+              {{- $_ := merge (dict "Values" (dict "componentLabel" "hub")) . }}
               {{- include "jupyterhub.matchLabels" $_ | nindent 14 }}
 
     # singleuser-server -> Kubernetes internal DNS