Commit cbe42f8f authored by Lars Fenneberg's avatar Lars Fenneberg

Add Helm charts

parent 5779abd3
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v2
name: viking-controller
version: 0.1.0
description: Viking is a Varnish based Ingress controller with additional features
engine: gotpl
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: backendconfigs.ingress.varnish-cache.org
spec:
group: ingress.varnish-cache.org
names:
kind: BackendConfig
listKind: BackendConfigList
plural: backendconfigs
singular: backendconfig
shortNames:
- becfg
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
validation:
openAPIV3Schema:
required:
- spec
properties:
spec:
required:
- services
properties:
services:
type: array
minItems: 1
items:
type: string
minLength: 1
host-header:
type: string
minLength: 1
connect-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
first-byte-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
between-bytes-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
proxy-header:
type: integer
minimum: 1
maximum: 2
max-connections:
type: integer
minimum: 1
probe:
type: object
properties:
url:
type: string
pattern: ^/
request:
type: array
minItems: 1
items:
type: string
expected-response:
type: integer
minimum: 100
maximum: 599
timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
interval:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
initial:
type: integer
minimum: 0
window:
type: integer
minimum: 0
maximum: 64
threshold:
type: integer
minimum: 0
maximum: 64
director:
type: object
properties:
type:
enum:
- round-robin
- random
- shard
type: string
warmup:
type: integer
minimum: 0
maximum: 100
rampup:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
status:
acceptedNames:
kind: BackendConfig
listKind: BackendConfigList
plural: backendconfigs
singular: backendconfig
shortNames:
- becfg
storedVersions:
- v1alphav1
conditions: []
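Review bot: `storedVersions` in the `status` block lists `v1alphav1`, which does not match the only declared version `v1alpha1` and looks like a typo. `status` on a CustomResourceDefinition is normally populated by the API server, so the simplest fix is to drop the whole `status:` block from the chart manifest rather than correct the string. Separately, the schema under `validation.openAPIV3Schema` declares no `type: object` at the root or on `spec`; a structural schema needs both before this CRD can move from `apiextensions.k8s.io/v1beta1` to `v1`.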
This diff is collapsed.
The Viking ingress controller has been installed.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "viking-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "viking-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "viking-controller.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- tls-cert
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- watch
- get
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- ingress.varnish-cache.org
resources:
- varnishconfigs
- backendconfigs
verbs:
- list
- watch
- get
- apiGroups:
- "ingress.varnish-cache.org"
resources:
- varnishconfigs/status
- backendconfigs/status
verbs:
- update
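Review bot: The second rule grants `get`, `list` and `watch` on every Secret in the cluster, so the ServiceAccount bound by the ClusterRoleBinding can read all credentials in all namespaces; the following `resourceNames: [tls-cert]` rule then adds only `update` on top of that. When `vikingController.namespace` is set, the Deployment starts the controller with `-namespace=…`, yet it still receives this cluster-wide grant; in that case the rules for secrets, services, endpoints, pods and ingresses could be rendered as a namespaced `Role` and `RoleBinding` instead. Note also that a `resourceNames` restriction does not constrain `list` or `watch` unless the client filters on `metadata.name`, so those two verbs in the third rule probably do not behave as the rule suggests.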
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "viking-controller.fullname" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "viking-controller.fullname" . }}
apiGroup: rbac.authorization.k8s.io
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
annotations:
{{ toYaml .Values.vikingController.annotations | nindent 4}}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
replicas: {{ .Values.vikingController.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
{{ toYaml .Values.vikingController.updateStrategy | nindent 4 }}
minReadySeconds: {{ .Values.vikingController.minReadySeconds }}
template:
metadata:
annotations:
{{ toYaml .Values.vikingController.podAnnotations | nindent 8 }}
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingController.podLabels }}
{{ toYaml .Values.vikingController.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.vikingController.dnsConfig }}
dnsConfig:
{{ toYaml .Values.vikingController.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.vikingController.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.priorityClassName }}
priorityClassName: "{{ .Values.vikingController.priorityClassName }}"
{{- end }}
securityContext:
{{ toYaml .Values.vikingController.podSecurityContext | nindent 8 }}
containers:
- name: controller
image: "{{ .Values.vikingController.image.repository }}:{{ .Values.vikingController.image.tag }}"
imagePullPolicy: "{{ .Values.vikingController.image.pullPolicy }}"
args:
- -readyfile=/run/controller-ready
- -class={{ .Values.vikingController.ingressClass }}
{{- if .Values.vikingController.namespace }}
- -namespace={{ .Values.vikingController.namespace }}
{{- end }}
{{- if .Values.vikingController.extraArgs }}
{{ toYaml .Values.vikingController.extraArgs | nindent 12 }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.vikingController.extraEnvs }}
{{ toYaml .Values.vikingController.extraEnvs | nindent 12 }}
{{- end }}
livenessProbe:
exec:
command:
- /usr/bin/pgrep
- -P
- "0"
- k8s-ingress
readinessProbe:
exec:
command:
- /usr/bin/test
- -e
- /run/controller-ready
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: run
mountPath: "/run"
- name: tmp
mountPath: "/tmp"
securityContext:
readOnlyRootFilesystem: true
resources:
{{ toYaml .Values.vikingController.resources | nindent 12 }}
hostNetwork: false
{{- if .Values.vikingController.nodeSelector }}
nodeSelector:
{{ toYaml .Values.vikingController.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.tolerations }}
tolerations:
{{ toYaml .Values.vikingController.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.affinity }}
affinity:
{{ toYaml .Values.vikingController.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "viking-controller.fullname" . }}
terminationGracePeriodSeconds: {{ .Values.vikingController.terminationGracePeriodSeconds }}
volumes:
- name: run
emptyDir:
medium: "Memory"
- name: tmp
emptyDir:
medium: "Memory"
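Review bot: The controller container's `securityContext` sets only `readOnlyRootFilesystem: true`, so nothing in the pod spec prevents privilege escalation or keeps default capabilities away from a process that holds a token able to read Secrets. The container listens on 8080 and its writable paths are the `/run` and `/tmp` emptyDirs, so adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` should be safe. Add `runAsNonRoot: true` as well if the image's user allows it, which is not visible here. `podSecurityContext` defaults to `{}`, so the pod-level block adds no restriction either.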
{{- if gt (.Values.vikingController.replicaCount | int) 1 }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: controller
minAvailable: {{ .Values.vikingController.minAvailable }}
{{- end }}
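Review bot: The PodDisruptionBudget selects on `app.kubernetes.io/component: controller`, but the Deployment's pod template sets that label to `"{{ .Values.vikingController.name }}"`, and the values.yaml shown for this chart defines no `vikingController.name`. With the defaults the label renders as an empty string, so once `replicaCount` is raised above 1 this budget would match no pods and protect nothing. Either add `name: controller` under `vikingController` in values.yaml or hard-code `app.kubernetes.io/component: controller` in the Deployment labels, as the viking-service chart does with `service`.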
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
vikingController:
image:
repository: registry.gitlab.com/uplex/varnish/k8s-ingress/varnish-ingress/controller
tag: "master"
pullPolicy: IfNotPresent
# Optionally customize the pod dnsConfig.
dnsConfig: {}
dnsPolicy: ClusterFirst
## Name of the ingress class to route through this controller
##
ingressClass: viking
## Only listen for resources in this namespace (default all)
# namespace:
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Security Context policies for controller pods
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
##
podSecurityContext: {}
## Additional command line arguments to pass to nginx-ingress-controller
extraArgs: {}
## Additional environment variables to set
extraEnvs: []
# extraEnvs:
# - name: FOO
# valueFrom:
# secretKeyRef:
# key: FOO
# name: secret-resource
## Annotations to be added to the controller deployment
##
annotations: {}
# The update strategy to apply to the Deployment or DaemonSet
##
updateStrategy: {}
# rollingUpdate:
# maxUnavailable: 1
# type: RollingUpdate
# minReadySeconds to avoid killing pods before we are ready
##
minReadySeconds: 0
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Affinity and anti-affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
# # An example of preferred pod anti-affinity, weight is in the range 1-100
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 100
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: kubernetes.io/hostname
# # An example of required pod anti-affinity
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: "kubernetes.io/hostname"
## terminationGracePeriodSeconds
##
terminationGracePeriodSeconds: 60
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to controller pods
##
podAnnotations: {}
# Currently the controller only works with one replica
replicaCount: 1
minAvailable: 1
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
## Rollback limit
##
revisionHistoryLimit: 10
## Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName
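Review bot: `tag: "master"` combined with `pullPolicy: IfNotPresent` means the image that actually runs is whatever each node last pulled under a mutable tag, so installs are not reproducible and a changed upstream image is picked up without any chart change. Default to a released tag or an image digest, and leave `master` as a documented override. The same applies to the `varnish` and `haproxy` images in the viking-service values.yaml. Also, `extraArgs: {}` is a map but is spliced into the `args:` list in the Deployment, so the default should be `extraArgs: []`, and its comment still refers to `nginx-ingress-controller`.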
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v2
name: viking-service
version: 0.1.0
description: Viking is a Varnish based Ingress controller with additional features
engine: gotpl
The Viking ingress service has been installed.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "viking-service.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "viking-service.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a admin secret name
*/}}
{{- define "viking-service.admin-secret-name" -}}
{{- printf "%s-admin" (include "viking-service.name" . | trunc 55) -}}
{{- end -}}
{{/*
Create a TLS secret name
*/}}
{{- define "viking-service.tls-secret-name" -}}
{{/*{{- printf "%s-tls-crt" (include "viking-service.name" . | trunc 55) -}}*/}}
{{- printf "tls-cert" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "viking-service.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "viking-service.admin-secret-name" . }}
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
viking.uplex.de/secret: admin
type: Opaque
data:
admin: {{ .Values.vikingService.secrets.admin | b64enc | quote }}
dataplaneapi: {{ .Values.vikingService.secrets.dataplaneapi | b64enc | quote }}
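Review bot: Both keys are filled from `vikingService.secrets.*`, and the chart's values.yaml ships fixed UUID defaults for `admin` and `dataplaneapi`, so every installation that does not override them shares the same publicly known secrets. Default both values to an empty string and fail the render when they are unset, e.g. `admin: {{ required "vikingService.secrets.admin must be set" .Values.vikingService.secrets.admin | b64enc | quote }}`, or let the chart reference an existing Secret by name. The admin Service in this chart publishes the `varnishadm` and `dataplane` ports inside the cluster, and these secrets appear to be what guards them, so a shared default matters.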
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-service.fullname" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
# This label is used by the controller to find the pods to control.
app: varnish-ingress
name: {{ printf "%s-admin" (include "viking-service.name" . | trunc 57) }}
spec:
clusterIP: None
ports:
- name: varnishadm
port: 6081
targetPort: 6081
protocol: TCP
- name: dataplane
port: 5555
targetPort: 5555
protocol: TCP
- name: faccess
port: 5556
targetPort: 5556
protocol: TCP
- name: stats
port: 9443
targetPort: 9443
protocol: TCP
selector:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/component: service
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingService.podLabels }}
{{ toYaml .Values.vikingService.podLabels | nindent 4 }}
{{- end }}
type: ClusterIP
publishNotReadyAddresses: true
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/component: service
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
# Must match secret name
name: {{ template "viking-service.fullname" . }}
{{- if .Values.vikingService.annotations }}
annotations:
{{ toYaml .Values.vikingService.annotations | nindent 4}}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
replicas: {{ .Values.vikingService.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- if .Values.vikingService.updateStrategy }}
strategy:
{{ toYaml .Values.vikingService.updateStrategy | nindent 4 }}
{{- end }}
minReadySeconds: {{ .Values.vikingService.minReadySeconds }}
template:
metadata:
{{- if .Values.vikingService.podAnnotations }}
annotations:
{{ toYaml .Values.vikingService.podAnnotations | nindent 8 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/component: service
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingService.podLabels }}
{{ toYaml .Values.vikingService.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.vikingService.dnsConfig }}
dnsConfig:
{{ toYaml .Values.vikingService.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.vikingService.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.vikingService.priorityClassName }}
priorityClassName: "{{ .Values.vikingService.priorityClassName }}"
{{- end }}
{{- if .Values.vikingService.podSecurityContext }}
securityContext:
{{ toYaml .Values.vikingService.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: varnish
image: "{{ .Values.vikingService.varnish.image.repository }}:{{ .Values.vikingService.varnish.image.tag }}"
imagePullPolicy: "{{ .Values.vikingService.varnish.image.pullPolicy }}"
args:
- -n
- /run/varnish-home
{{- if .Values.vikingService.varnish.extraArgs }}
{{ toYaml .Values.vikingService.varnish.extraArgs | nindent 12 }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.vikingService.varnish.extraEnvs }}
{{ toYaml .Values.vikingService.varnish.extraEnvs | nindent 12 }}
{{- end }}
livenessProbe:
exec:
command:
- /usr/bin/pgrep
- -P
- "0"
- varnishd
{{- if .Values.vikingService.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /ready
port: k8s
{{- end }}
ports:
- name: http
containerPort: 80
- name: k8s
containerPort: 8080
- name: varnishadm
containerPort: 6081
volumeMounts:
- name: adm-secret
mountPath: "/run/varnish"
readOnly: true
- name: run-varnish-home
mountPath: "/run/varnish-home"
- name: run-offload
mountPath: "/run/offload"
securityContext:
readOnlyRootFilesystem: true
resources:
{{ toYaml .Values.vikingService.varnish.resources | nindent 12 }}
- name: haproxy
image: "{{ .Values.vikingService.haproxy.image.repository }}:{{ .Values.vikingService.haproxy.image.tag }}"
imagePullPolicy: "{{ .Values.vikingService.haproxy.image.pullPolicy }}"
env:
- name: SECRET_DATAPLANEAPI
valueFrom:
secretKeyRef:
name: {{ template "viking-service.fullname" . }}-admin
key: dataplaneapi
livenessProbe:
exec:
command:
- /usr/bin/pgrep
- -P
- "0"
- haproxy
{{- if .Values.vikingService.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: k8s
{{- end }}
ports:
- name: https
containerPort: 443
- name: k8s
containerPort: 8443
volumeMounts:
- name: tls-cert
mountPath: "/etc/ssl/private"
readOnly: true
- name: run-offload
mountPath: "/run/offload"
- name: run-haproxy
mountPath: "/run/haproxy"
- name: tmp
mountPath: "/tmp"
securityContext:
readOnlyRootFilesystem: true
resources:
{{ toYaml .Values.vikingService.haproxy.resources | nindent 12 }}
hostNetwork: {{ .Values.vikingService.hostNetwork }}
{{- if .Values.vikingService.nodeSelector }}
nodeSelector:
{{ toYaml .Values.vikingService.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.vikingService.tolerations }}
tolerations:
{{ toYaml .Values.vikingService.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.vikingService.affinity }}
affinity:
{{ toYaml .Values.vikingService.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "viking-service.fullname" . }}
terminationGracePeriodSeconds: {{ .Values.vikingService.terminationGracePeriodSeconds }}
volumes:
- name: adm-secret
secret:
secretName: {{ template "viking-service.admin-secret-name" . }}
items:
- key: admin
path: _.secret
- name: tls-cert
secret:
secretName: {{ template "viking-service.tls-secret-name" . }}
defaultMode: 0440
- name: run-varnish-home
emptyDir:
medium: "Memory"
- name: run-offload
emptyDir:
medium: "Memory"
- name: run-haproxy
emptyDir:
medium: "Memory"
- name: tmp
emptyDir:
medium: "Memory"
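Review bot: The haproxy container's `secretKeyRef` names the Secret `{{ template "viking-service.fullname" . }}-admin`, while the Secret itself is created, and mounted as `adm-secret`, under `viking-service.admin-secret-name`, which is built from `viking-service.name`. The two names coincide only when the fullname equals the chart name (for example a release named exactly like the chart). In any other install `SECRET_DATAPLANEAPI` cannot be resolved and the container will not start. Use `name: {{ template "viking-service.admin-secret-name" . }}` here. Separately, the admin and TLS Secret names do not include the release name (`tls-cert` is a literal), so a second release in the same namespace would collide with the first.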
{{- if gt (.Values.vikingService.replicaCount | int) 1 }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/component: service
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-service.fullname" . }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: service
minAvailable: {{ .Values.vikingService.minAvailable }}
{{- end }}
apiVersion: v1
kind: Service
metadata:
annotations:
{{ toYaml .Values.vikingService.service.annotations | nindent 4 }}
labels:
{{- if .Values.vikingService.service.labels }}
{{ toYaml .Values.vikingService.service.labels | nindent 4 }}
{{- end }}
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-service.fullname" . }}
spec:
{{- with .Values.vikingService.service.clusterIP }}
clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
{{- end }}
{{- if .Values.vikingService.service.externalIPs }}
externalIPs:
{{ toYaml .Values.vikingService.service.externalIPs | nindent 4 }}
{{- end }}
{{- if .Values.vikingService.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.vikingService.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.vikingService.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.vikingService.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if .Values.vikingService.service.externalTrafficPolicy }}
externalTrafficPolicy: "{{ .Values.vikingService.service.externalTrafficPolicy }}"
{{- end }}
{{- if .Values.vikingService.service.sessionAffinity }}
sessionAffinity: "{{ .Values.vikingService.service.sessionAffinity }}"
{{- end }}
{{- if .Values.vikingService.service.healthCheckNodePort }}
healthCheckNodePort: {{ .Values.vikingService.service.healthCheckNodePort }}
{{- end }}
ports:
{{- $setNodePorts := (or (eq .Values.vikingService.service.type "NodePort") (eq .Values.vikingService.service.type "LoadBalancer")) }}
{{- if .Values.vikingService.service.enableHTTP }}
- name: http
port: {{ .Values.vikingService.service.ports.http }}
protocol: TCP
targetPort: http
{{- if (and $setNodePorts (not (empty .Values.vikingService.service.nodePorts.http))) }}
nodePort: {{ .Values.vikingService.service.nodePorts.http }}
{{- end }}
{{- end }}
{{- if .Values.vikingService.service.enableHTTPS }}
- name: https
port: {{ .Values.vikingService.service.ports.https }}
protocol: TCP
targetPort: https
{{- if (and $setNodePorts (not (empty .Values.vikingService.service.nodePorts.https))) }}
nodePort: {{ .Values.vikingService.service.nodePorts.https }}
{{- end }}
{{- end }}
selector:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/component: service
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingService.podLabels }}
{{ toYaml .Values.vikingService.podLabels | nindent 4 }}
{{- end }}
type: "{{ .Values.vikingService.service.type }}"
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-service.fullname" . }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "viking-service.tls-secret-name" . }}
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
viking.uplex.de/secret: pem
type: Opaque
vikingService:
varnish:
image:
repository: registry.gitlab.com/uplex/varnish/k8s-ingress/varnish-ingress/varnish
tag: "master"
pullPolicy: IfNotPresent
extraArgs: {}
extraEnvs: []
resources: {}
haproxy:
image:
repository: registry.gitlab.com/uplex/varnish/k8s-ingress/varnish-ingress/haproxy
tag: "master"
pullPolicy: IfNotPresent
extraArgs: {}
extraEnvs: []
resources: {}
secrets:
admin: "21d0ac6c-83d5-11ea-8acc-1ff3820da75e"
dataplaneapi: "e24bb312-cb21-46d6-aaec-8ae676f06fea"
readinessProbe:
enabled: false
# Optionally customize the pod dnsConfig.
dnsConfig: {}
dnsPolicy: ClusterFirst
hostNetwork: false
## Name of the ingress class to route through this controller
##
ingressClass: viking
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Security Context policies for controller pods
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
##
podSecurityContext:
# ID 998 is group varnish in the varnish and haproxy containers.
# The varnish and haproxy users belong to this group.
fsGroup: 998
## Annotations to be added to the controller deployment
##
annotations: {}
# The update strategy to apply to the Deployment or DaemonSet
##
updateStrategy: {}
# rollingUpdate:
# maxUnavailable: 1
# type: RollingUpdate
# minReadySeconds to avoid killing pods before we are ready
##
minReadySeconds: 0
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Affinity and anti-affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
# # An example of preferred pod anti-affinity, weight is in the range 1-100
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 100
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: kubernetes.io/hostname
# # An example of required pod anti-affinity
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: "kubernetes.io/hostname"
## terminationGracePeriodSeconds
##
terminationGracePeriodSeconds: 60
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to controller pods
##
podAnnotations: {}
replicaCount: 2
minAvailable: 1
service:
annotations: {}
labels: {}
# If left unset or set to"-" a headless service will be defined.
clusterIP: ""
## List of IP addresses at which the controller services are available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
enableHTTP: true
enableHTTPS: true
## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
externalTrafficPolicy: ""
# Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
sessionAffinity: ""
healthCheckNodePort: 0
ports:
http: 80
https: 443
type: ClusterIP
# type: NodePort
nodePorts:
http: ""
https: ""
## Rollback limit
##
revisionHistoryLimit: 10
serviceAccount:
create: true
# Set name of service account.
# name:
## Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName