Commit cbe42f8f authored by Lars Fenneberg's avatar Lars Fenneberg

Add Helm charts

parent 5779abd3
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v2
name: viking-controller
version: 0.1.0
description: Viking is a Varnish based Ingress controller with additional features
engine: gotpl
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: backendconfigs.ingress.varnish-cache.org
spec:
group: ingress.varnish-cache.org
names:
kind: BackendConfig
listKind: BackendConfigList
plural: backendconfigs
singular: backendconfig
shortNames:
- becfg
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
validation:
openAPIV3Schema:
required:
- spec
properties:
spec:
required:
- services
properties:
services:
type: array
minItems: 1
items:
type: string
minLength: 1
host-header:
type: string
minLength: 1
connect-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
first-byte-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
between-bytes-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
proxy-header:
type: integer
minimum: 1
maximum: 2
max-connections:
type: integer
minimum: 1
probe:
type: object
properties:
url:
type: string
pattern: ^/
request:
type: array
minItems: 1
items:
type: string
expected-response:
type: integer
minimum: 100
maximum: 599
timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
interval:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
initial:
type: integer
minimum: 0
window:
type: integer
minimum: 0
maximum: 64
threshold:
type: integer
minimum: 0
maximum: 64
director:
type: object
properties:
type:
enum:
- round-robin
- random
- shard
type: string
warmup:
type: integer
minimum: 0
maximum: 100
rampup:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
status:
acceptedNames:
kind: BackendConfig
listKind: BackendConfigList
plural: backendconfigs
singular: backendconfig
shortNames:
- becfg
storedVersions:
- v1alphav1
conditions: []
This diff is collapsed.
The Viking ingress controller has been installed.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "viking-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "viking-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "viking-controller.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- tls-cert
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- watch
- get
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- ingress.varnish-cache.org
resources:
- varnishconfigs
- backendconfigs
verbs:
- list
- watch
- get
- apiGroups:
- "ingress.varnish-cache.org"
resources:
- varnishconfigs/status
- backendconfigs/status
verbs:
- update
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "viking-controller.fullname" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "viking-controller.fullname" . }}
apiGroup: rbac.authorization.k8s.io
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
annotations:
{{ toYaml .Values.vikingController.annotations | nindent 4}}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
replicas: {{ .Values.vikingController.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
{{ toYaml .Values.vikingController.updateStrategy | nindent 4 }}
minReadySeconds: {{ .Values.vikingController.minReadySeconds }}
template:
metadata:
annotations:
{{ toYaml .Values.vikingController.podAnnotations | nindent 8 }}
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingController.podLabels }}
{{ toYaml .Values.vikingController.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.vikingController.dnsConfig }}
dnsConfig:
{{ toYaml .Values.vikingController.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.vikingController.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.priorityClassName }}
priorityClassName: "{{ .Values.vikingController.priorityClassName }}"
{{- end }}
securityContext:
{{ toYaml .Values.vikingController.podSecurityContext | nindent 8 }}
containers:
- name: controller
image: "{{ .Values.vikingController.image.repository }}:{{ .Values.vikingController.image.tag }}"
imagePullPolicy: "{{ .Values.vikingController.image.pullPolicy }}"
args:
- -readyfile=/run/controller-ready
- -class={{ .Values.vikingController.ingressClass }}
{{- if .Values.vikingController.namespace }}
- -namespace={{ .Values.vikingController.namespace }}
{{- end }}
{{- if .Values.vikingController.extraArgs }}
{{ toYaml .Values.vikingController.extraArgs | nindent 12 }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.vikingController.extraEnvs }}
{{ toYaml .Values.vikingController.extraEnvs | nindent 12 }}
{{- end }}
livenessProbe:
exec:
command:
- /usr/bin/pgrep
- -P
- "0"
- k8s-ingress
readinessProbe:
exec:
command:
- /usr/bin/test
- -e
- /run/controller-ready
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: run
mountPath: "/run"
- name: tmp
mountPath: "/tmp"
securityContext:
readOnlyRootFilesystem: true
resources:
{{ toYaml .Values.vikingController.resources | nindent 12 }}
hostNetwork: false
{{- if .Values.vikingController.nodeSelector }}
nodeSelector:
{{ toYaml .Values.vikingController.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.tolerations }}
tolerations:
{{ toYaml .Values.vikingController.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.affinity }}
affinity:
{{ toYaml .Values.vikingController.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "viking-controller.fullname" . }}
terminationGracePeriodSeconds: {{ .Values.vikingController.terminationGracePeriodSeconds }}
volumes:
- name: run
emptyDir:
medium: "Memory"
- name: tmp
emptyDir:
medium: "Memory"
{{- if gt (.Values.vikingController.replicaCount | int) 1 }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: controller
minAvailable: {{ .Values.vikingController.minAvailable }}
{{- end }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
vikingController:
image:
repository: registry.gitlab.com/uplex/varnish/k8s-ingress/varnish-ingress/controller
tag: "master"
pullPolicy: IfNotPresent
# Optionally customize the pod dnsConfig.
dnsConfig: {}
dnsPolicy: ClusterFirst
## Name of the ingress class to route through this controller
##
ingressClass: viking
## Only listen for resources in this namespace (default all)
# namespace:
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Security Context policies for controller pods
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
##
podSecurityContext: {}
## Additional command line arguments to pass to nginx-ingress-controller
extraArgs: {}
## Additional environment variables to set
extraEnvs: []
# extraEnvs:
# - name: FOO
# valueFrom:
# secretKeyRef:
# key: FOO
# name: secret-resource
## Annotations to be added to the controller deployment
##
annotations: {}
# The update strategy to apply to the Deployment or DaemonSet
##
updateStrategy: {}
# rollingUpdate:
# maxUnavailable: 1
# type: RollingUpdate
# minReadySeconds to avoid killing pods before we are ready
##
minReadySeconds: 0
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Affinity and anti-affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
# # An example of preferred pod anti-affinity, weight is in the range 1-100
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 100
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: kubernetes.io/hostname
# # An example of required pod anti-affinity
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: "kubernetes.io/hostname"
## terminationGracePeriodSeconds
##
terminationGracePeriodSeconds: 60
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to controller pods
##
podAnnotations: {}
# Currently the controller only works with one replica
replicaCount: 1
minAvailable: 1
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
## Rollback limit
##
revisionHistoryLimit: 10
## Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v2
name: viking-service
version: 0.1.0
description: Viking is a Varnish based Ingress controller with additional features
engine: gotpl
The Viking ingress service has been installed.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "viking-service.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "viking-service.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a admin secret name
*/}}
{{- define "viking-service.admin-secret-name" -}}
{{- printf "%s-admin" (include "viking-service.name" . | trunc 55) -}}
{{- end -}}
{{/*
Create a TLS secret name
*/}}
{{- define "viking-service.tls-secret-name" -}}
{{/*{{- printf "%s-tls-crt" (include "viking-service.name" . | trunc 55) -}}*/}}
{{- printf "tls-cert" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "viking-service.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "viking-service.admin-secret-name" . }}
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
viking.uplex.de/secret: admin
type: Opaque
data:
admin: {{ .Values.vikingService.secrets.admin | b64enc | quote }}
dataplaneapi: {{ .Values.vikingService.secrets.dataplaneapi | b64enc | quote }}
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-service.fullname" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
# This label is used by the controller to find the pods to control.
app: varnish-ingress
name: {{ printf "%s-admin" (include "viking-service.name" . | trunc 57) }}
spec:
clusterIP: None
ports:
- name: varnishadm
port: 6081
targetPort: 6081
protocol: TCP
- name: dataplane
port: 5555
targetPort: 5555
protocol: TCP
- name: faccess
port: 5556