Home Explore Help
Register Sign In
lcy
/
truenas
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f131c4847a
Branches Tags
truenas
/
library
/
common
/
templates
/
lib
/
container
/
_fixedEnv.tpl

_fixedEnv.tpl 3.6 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. {{/* Returns Fixed Env */}}
    2. 

  2. {{/* Call this template:
    3. 

  3. {{ include "ix.v1.common.lib.container.fixedEnv" (dict "rootCtx" $ "objectData" $objectData) }}
    4. 

  4. rootCtx: The root context of the chart.
    5. 

  5. objectData: The object data to be used to render the container.
    6. 

  6. */}}
    7. 

  7. {{- define "ix.v1.common.lib.container.fixedEnv" -}}
    8. 

  8.   {{- $rootCtx := .rootCtx -}}
    9. 

  9.   {{- $objectData := .objectData -}}
    10. 

  10. 

  11.   {{/* Avoid nil pointers */}}
    12. 

  12.   {{- if not (hasKey $objectData "fixedEnv") -}}
    13. 

  13.     {{- $_ := set $objectData "fixedEnv" dict -}}
    14. 

  14.   {{- end -}}
    15. 

  15. 

  16.   {{- $nvidiaCaps := $rootCtx.Values.resources.NVIDIA_CAPS -}}
    17. 

  17. 

  18.   {{- if $objectData.fixedEnv.NVIDIA_CAPS -}}
    19. 

  19.     {{- $nvidiaCaps = $objectData.fixedEnv.NVIDIA_CAPS -}}
    20. 

  20.   {{- end -}}
    21. 

  21. 

  22.   {{- if not (deepEqual $nvidiaCaps (mustUniq $nvidiaCaps)) -}}
    23. 

  23.     {{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> to have only unique values, but got [%s]" (join ", " $nvidiaCaps)) -}}
    24. 

  24.   {{- end -}}
    25. 

  25. 

  26.   {{- $caps := (list "all" "compute" "utility" "graphics" "video") -}}
    27. 

  27.   {{- range $cap := $nvidiaCaps -}}
    28. 

  28.     {{- if not (mustHas $cap $caps) -}}
    29. 

  29.       {{- fail (printf "Container - Expected <fixedEnv.NVIDIA_CAPS> entry to be one of [%s], but got [%s]" (join ", " $caps) $cap) -}}
    30. 

  30.     {{- end -}}
    31. 

  31.   {{- end -}}
    32. 

  32. 

  33.   {{- $secContext := fromJson (include "ix.v1.common.lib.container.securityContext.calculate" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
    34. 

  34. 

  35.   {{- $fixed := list -}}
    36. 

  36.   {{- $TZ := $objectData.fixedEnv.TZ | default $rootCtx.Values.TZ -}}
    37. 

  37.   {{- $UMASK := $objectData.fixedEnv.UMASK | default $rootCtx.Values.securityContext.container.UMASK -}}
    38. 

  38. 

  39.   {{- $PUID := $objectData.fixedEnv.PUID | default $rootCtx.Values.securityContext.container.PUID -}}
    40. 

  40.   {{- if and (not (kindIs "invalid" $objectData.fixedEnv.PUID)) (eq (int $objectData.fixedEnv.PUID) 0) -}}
    41. 

  41.     {{- $PUID = $objectData.fixedEnv.PUID -}}
    42. 

  42.   {{- end -}}
    43. 

  43. 

  44.   {{/* calculatedFSGroup is passed from the pod */}}
    45. 

  45.   {{- $PGID := $objectData.calculatedFSGroup -}}
    46. 

  46. 

  47.   {{- $fixed = mustAppend $fixed (dict "k" "TZ" "v" $TZ) -}}
    48. 

  48.   {{- $fixed = mustAppend $fixed (dict "k" "UMASK" "v" $UMASK) -}}
    49. 

  49.   {{- $fixed = mustAppend $fixed (dict "k" "UMASK_SET" "v" $UMASK) -}}
    50. 

  50.   {{- if eq (include "ix.v1.common.lib.container.resources.gpu" (dict "rootCtx" $rootCtx "objectData" $objectData "returnBool" true)) "true" -}}
    51. 

  51.     {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_DRIVER_CAPABILITIES" "v" (join "," $nvidiaCaps)) -}}
    52. 

  52.   {{- else -}}
    53. 

  53.     {{- $fixed = mustAppend $fixed (dict "k" "NVIDIA_VISIBLE_DEVICES" "v" "void") -}}
    54. 

  54.   {{- end -}}
    55. 

  55.   {{/* If running as root and PUID is set (0 or greater), set related envs */}}
    56. 

  56.   {{- if and (or (eq (int $secContext.runAsUser) 0) (eq (int $secContext.runAsGroup) 0)) (ge (int $PUID) 0) -}}
    57. 

  57.     {{- $fixed = mustAppend $fixed (dict "k" "PUID" "v" $PUID) -}}
    58. 

  58.     {{- $fixed = mustAppend $fixed (dict "k" "USER_ID" "v" $PUID) -}}
    59. 

  59.     {{- $fixed = mustAppend $fixed (dict "k" "UID" "v" $PUID) -}}
    60. 

  60.     {{- $fixed = mustAppend $fixed (dict "k" "PGID" "v" $PGID) -}}
    61. 

  61.     {{- $fixed = mustAppend $fixed (dict "k" "GROUP_ID" "v" $PGID) -}}
    62. 

  62.     {{- $fixed = mustAppend $fixed (dict "k" "GID" "v" $PGID) -}}
    63. 

  63.   {{- end -}}
    64. 

  64.   {{/* If rootFS is readOnly OR does not as root, let s6 containers to know that fs is readonly */}}
    65. 

  65.   {{- if or $secContext.readOnlyRootFilesystem $secContext.runAsNonRoot -}}
    66. 

  66.     {{- $fixed = mustAppend $fixed (dict "k" "S6_READ_ONLY_ROOT" "v" "1") -}}
    67. 

  67.   {{- end -}}
    68. 

  68. 

  69.   {{- range $env := $fixed -}}
    70. 

  70.     {{- include "ix.v1.common.helper.container.envDupeCheck" (dict "rootCtx" $rootCtx "objectData" $objectData "source" "fixedEnv" "key" $env.k) }}
    71. 

  71. - name: {{ $env.k | quote }}
    72. 

  72.   value: {{ $env.v | quote }}
    73. 

  73.   {{- end -}}
    74. 

  74. {{- end -}}
    75.