image: golang:1.11.6
cache:
paths:
- /apt-cache
- /go/bin
- /go/pkg
- /go/src/code.uplex.de
- /go/src/github.com
- /go/src/golang.org
- /go/src/google.golang.org
- /go/src/gopkg.in
- /go/src/k8s.io
stages:
- test
- build
- e2e
- release
before_script:
- go get -u golang.org/x/lint/golint
- go get -d -v github.com/slimhazard/gogitversion
- go mod download
- pushd /go/pkg/mod/github.com/slimhazard/gogitversion*
- make install
- popd
push_to_docker:
image: docker:19.03.8
stage: release
only:
- tags
services:
- docker:19.03.8-dind
script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
- docker pull $CI_REGISTRY_IMAGE/varnish-ingress/haproxy:$CI_COMMIT_REF_NAME
- docker pull $CI_REGISTRY_IMAGE/varnish-ingress/varnish:$CI_COMMIT_REF_NAME
- docker pull $CI_REGISTRY_IMAGE/varnish-ingress/controller:$CI_COMMIT_REF_NAME
- docker tag $CI_REGISTRY_IMAGE/varnish-ingress/haproxy:$CI_COMMIT_REF_NAME uplex/viking-haproxy:$CI_COMMIT_TAG
- docker tag $CI_REGISTRY_IMAGE/varnish-ingress/varnish:$CI_COMMIT_REF_NAME uplex/viking-varnish:$CI_COMMIT_TAG
- docker tag $CI_REGISTRY_IMAGE/varnish-ingress/controller:$CI_COMMIT_REF_NAME uplex/viking-controller:$CI_COMMIT_TAG
- docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_CREDS"
- docker push uplex/viking-haproxy:$CI_COMMIT_TAG
- docker push uplex/viking-varnish:$CI_COMMIT_TAG
- docker push uplex/viking-controller:$CI_COMMIT_TAG
test:
image: golang:1.11.6
stage: test
rules:
- changes:
- cmd/**.go
- pkg/**.go
- go.mod
- go.sum
before_script:
- GO111MODULE=off go get -d github.com/slimhazard/gogitversion
- pushd $GOPATH/src/github.com/slimhazard/gogitversion*
- make install
- popd
- go get -u golang.org/x/lint/golint
- go mod download
script:
- make check
# build new haproxy image if dockerfile changes
build:haproxy:
extends: .build-haproxy
rules:
- changes:
- container/Dockerfile.haproxy
# haproxy image can be build when user triggers it
build:haproxy:manual:
extends: .build-haproxy
when: manual
# build new varnish image if dockerfile changes
build:varnish:
extends: .build-varnish
rules:
- changes:
- container/Dockerfile.varnish
# varnish image can be build when user triggers it
build:varnish:manual:
extends: .build-varnish
when: manual
build:controller:
extends: .build-image
stage: build
variables:
IMAGE: controller
script:
- cd container
- make controller
example:hello:
extends: .integration-tests
script:
- cd ../examples/hello
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:namespace:
extends: .integration-tests
script:
- cd ../examples/namespace
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:architectures:cluster-and-ns-wide:
extends: .integration-tests
script:
- cd ../examples/architectures/cluster-and-ns-wide
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:architectures:clusterwide:
extends: .integration-tests
script:
- cd ../examples/architectures/clusterwide
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:architectures:multi-controller:
extends: .integration-tests
script:
- cd ../examples/architectures/multi-controller
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:architectures:multi-varnish-ns:
extends: .integration-tests
script:
- cd ../examples/architectures/multi-varnish-ns
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:acl:
extends: .integration-tests
script:
- cd ../examples/acl
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:backend-config:
extends: .integration-tests
script:
- cd ../examples/backend-config
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:custom-vcl:
extends: .integration-tests
script:
- cd ../examples/custom-vcl
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:rewrite:
extends: .integration-tests
script:
- cd ../examples/rewrite
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:self-sharding:
extends: .integration-tests
script:
- cd ../examples/self-sharding
- ./deploy.sh
- ./verify.sh
- ./undeploy.sh
example:authentication:basic:
extends: .integration-tests
script:
- cd ../examples/authentication
- ./deploy_basic_auth.sh
- ./verify_basic_auth.sh
- ./undeploy_basic_auth.sh
example:authentication:acl-or-auth:
extends: .integration-tests
script:
- cd ../examples/authentication
- ./deploy_acl_or_auth.sh
- ./verify_acl_or_auth.sh
- ./undeploy_acl_or_auth.sh
example:authentication:proxy:
extends: .integration-tests
script:
- cd ../examples/authentication
- ./deploy_proxy_auth.sh
- ./verify_proxy_auth.sh
- ./undeploy_proxy_auth.sh
example:req-disposition:
extends: .integration-tests
script:
- cd ../examples/req-disposition
- ./deploy_alt-builtin.sh
- ./verify_alt-builtin.sh
- ./undeploy_alt-builtin.sh
- ./deploy_builtin.sh
- ./verify_builtin.sh
- ./undeploy_builtin.sh
- ./deploy_cacheability.sh
- ./verify_cacheability.sh
- ./undeploy_cacheability.sh
- ./deploy_pass-on-session-cookie.sh
- ./verify_pass-on-session-cookie.sh
- ./undeploy_pass-on-session-cookie.sh
- ./deploy_url-whitelist.sh
- ./verify_url-whitelist.sh
- ./undeploy_url-whitelist.sh
- ./deploy_purge.sh
- ./verify_purge.sh
- ./undeploy_purge.sh
example:varnish-pod-template:
extends: .integration-tests
script:
- cd ../examples/varnish_pod_template
- ./deploy_cli-args.sh
- ./verify_cli-args.sh
- ./deploy_env.sh
- ./verify_env.sh
- ./deploy_proxy.sh
- ./verify_proxy.sh
- ./undeploy.sh
.integration-tests:
needs: ["build:controller"]
stage: e2e
image: docker:19.03.8
retry: 2
services:
- docker:19.03.8-dind
variables:
KUBECTL: v1.17.0
KIND: v0.7.0
before_script:
- apk add -U wget
- apk add -U varnish
- apk add -U make
- apk add -U bash
- wget -O /usr/local/bin/kind https://github.com/kubernetes-sigs/kind/releases/download/${KIND}/kind-linux-amd64
- chmod +x /usr/local/bin/kind
- wget -O /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/${KUBECTL}/bin/linux/amd64/kubectl
- chmod +x /usr/local/bin/kubectl
- kind create cluster --config=.kind-gitlab.yaml
- sed -i -E -e 's/localhost|0\.0\.0\.0/docker/g' "$HOME/.kube/config"
- kubectl get nodes -o wide
- kubectl get pods --all-namespaces -o wide
- kubectl get services --all-namespaces -o wide
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
- docker pull $CI_REGISTRY_IMAGE/varnish-ingress/controller:$CI_COMMIT_SHA
# using haproxy and varnish image with latest tag due to performance. if we are changing this image a lot, we need to improve this as can lead to pulling the incorrect image
- docker pull $CI_REGISTRY_IMAGE/varnish-ingress/varnish:$CI_COMMIT_REF_NAME
- docker pull $CI_REGISTRY_IMAGE/varnish-ingress/haproxy:$CI_COMMIT_REF_NAME
- docker tag $CI_REGISTRY_IMAGE/varnish-ingress/controller:$CI_COMMIT_SHA varnish-ingress/controller
- docker tag $CI_REGISTRY_IMAGE/varnish-ingress/haproxy:$CI_COMMIT_REF_NAME varnish-ingress/haproxy
- docker tag $CI_REGISTRY_IMAGE/varnish-ingress/varnish:$CI_COMMIT_REF_NAME varnish-ingress/varnish
- kind load docker-image varnish-ingress/varnish
- kind load docker-image varnish-ingress/haproxy
- kind load docker-image varnish-ingress/controller
- cd deploy
- ./init.sh
- ./deploy.sh
- ./verify.sh
# basic step for a pipeline to build the varnish image
.build-varnish:
extends: .build-image
stage: build
variables:
IMAGE: varnish
script:
- cd container
- make varnish
#
# basic step for a pipeline to build the haproxy image
.build-haproxy:
extends: .build-image
stage: build
variables:
IMAGE: haproxy
script:
- cd container
- make haproxy
.build-image:
stage: build
image: docker:19.03.8
services:
- docker:19.03.8-dind
variables:
IMAGE: BASIC
before_script:
- apk add -U make
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
- docker pull $CI_REGISTRY_IMAGE/varnish-ingress/$IMAGE:$CI_COMMIT_REF_NAME || true
after_script:
- docker tag varnish-ingress/$IMAGE $CI_REGISTRY_IMAGE/varnish-ingress/$IMAGE:$CI_COMMIT_SHA
- docker tag varnish-ingress/$IMAGE $CI_REGISTRY_IMAGE/varnish-ingress/$IMAGE:$CI_COMMIT_REF_NAME
- docker push $CI_REGISTRY_IMAGE/varnish-ingress/$IMAGE:$CI_COMMIT_SHA
- docker push $CI_REGISTRY_IMAGE/varnish-ingress/$IMAGE:$CI_COMMIT_REF_NAME
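Review bot: The `.integration-tests` `before_script` downloads `kind` and `kubectl` with `wget`, marks them executable and runs them with no integrity check, in the same job that logs in to the registry with `$CI_REGISTRY_PASSWORD`. Since both versions are pinned, verify a pinned digest before `chmod +x`, for example `echo "<expected-sha256>  /usr/local/bin/kind" | sha256sum -c -` (placeholder digest; take the value from the release's published checksums). Separately, every `docker login` in this file (`push_to_docker`, `.integration-tests`, `.build-image`) passes the password with `-p` on the command line; `docker login` accepts `--password-stdin`, e.g. `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY`.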
apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
networking:
apiServerAddress: "0.0.0.0"
# add to the apiServer certSANs the name of the docker (dind) service in order to be able to reach the cluster through it
kubeadmConfigPatchesJSON6902:
- group: kubeadm.k8s.io
version: v1beta2
kind: ClusterConfiguration
patch: |
- op: add
path: /apiServer/certSANs/-
value: docker
nodes:
- role: control-plane
- role: worker
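Review bot: `apiServerAddress: "0.0.0.0"` makes the kind API server listen on every interface of the host that runs it, and nothing in the file says it is meant only for the dind-based CI job. A comment above `networking:` would keep the file from being reused on a workstation or shared host, e.g. `# CI only: the API server must be reachable from the job container through the "docker" service; do not use on a routable host.`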
......@@ -68,6 +68,7 @@ check: build
golint ./pkg/controller/...
golint ./pkg/interfaces/...
golint ./pkg/varnish/...
golint ./pkg/haproxy/...
golint ./pkg/apis/varnishingress/v1alpha1/...
golint ./cmd/...
go test -v ./pkg/controller/... ./pkg/interfaces/... ./pkg/varnish/...
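Review bot: The `check` recipe lints `./pkg/haproxy/...`, but the `go test` line names only the controller, interfaces and varnish packages, so any tests in the haproxy package would not run in CI. If that package has tests, extend the line: `go test -v ./pkg/controller/... ./pkg/interfaces/... ./pkg/varnish/... ./pkg/haproxy/...`. The recipe starts above the hunk, so earlier steps are not visible here.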
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v2
name: viking-controller
version: 0.1.0
description: Viking is a Varnish based Ingress controller with additional features
engine: gotpl
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: backendconfigs.ingress.varnish-cache.org
spec:
group: ingress.varnish-cache.org
names:
kind: BackendConfig
listKind: BackendConfigList
plural: backendconfigs
singular: backendconfig
shortNames:
- becfg
scope: Namespaced
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
validation:
openAPIV3Schema:
required:
- spec
properties:
spec:
required:
- services
properties:
services:
type: array
minItems: 1
items:
type: string
minLength: 1
host-header:
type: string
minLength: 1
connect-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
first-byte-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
between-bytes-timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
proxy-header:
type: integer
minimum: 1
maximum: 2
max-connections:
type: integer
minimum: 1
probe:
type: object
properties:
url:
type: string
pattern: ^/
request:
type: array
minItems: 1
items:
type: string
expected-response:
type: integer
minimum: 100
maximum: 599
timeout:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
interval:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
initial:
type: integer
minimum: 0
window:
type: integer
minimum: 0
maximum: 64
threshold:
type: integer
minimum: 0
maximum: 64
director:
type: object
properties:
type:
enum:
- round-robin
- random
- shard
type: string
warmup:
type: integer
minimum: 0
maximum: 100
rampup:
type: string
pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
status:
acceptedNames:
kind: BackendConfig
listKind: BackendConfigList
plural: backendconfigs
singular: backendconfig
shortNames:
- becfg
storedVersions:
- v1alphav1
conditions: []
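Review bot: `status.storedVersions` lists `v1alphav1`, which does not match the only declared version `v1alpha1` (`spec.version` and `spec.versions[0].name`). The `status` stanza of a CustomResourceDefinition is normally filled in by the API server, so the simplest fix is to drop it from the manifest. If it stays, the entry should read `- v1alpha1`.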
The Viking ingress controller has been installed.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "viking-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "viking-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "viking-controller.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
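Review bot: `deployment.apiVersion` and `podSecurityPolicy.apiVersion` are defined without the chart prefix that the other helpers use (`viking-controller.name`, `viking-controller.chart`, `viking-controller.fullname`), and the viking-service helpers further down this page define the same two names. Helm template names are shared between a parent chart and its subcharts, so unprefixed names can silently override each other if the two charts are ever bundled together. Rename them, e.g. `{{- define "viking-controller.deployment.apiVersion" -}}`, and update the matching `template` calls.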
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- tls-cert
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- watch
- get
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- ingress.varnish-cache.org
resources:
- varnishconfigs
- backendconfigs
verbs:
- list
- watch
- get
- apiGroups:
- "ingress.varnish-cache.org"
resources:
- varnishconfigs/status
- backendconfigs/status
verbs:
- update
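Review bot: The second rule grants `get`/`list`/`watch` on every Secret in every namespace, so the following `resourceNames: tls-cert` rule effectively adds only `update`; read access is already cluster-wide. Anyone who obtains this service account's token can read all Secrets in the cluster. If the controller only needs the Secrets of the namespaces it serves (the admin Secret on this page is labelled `viking.uplex.de/secret: admin`, which suggests label-based discovery), bind a namespaced `Role` when `.Values.vikingController.namespace` is set and keep the ClusterRole for the all-namespaces mode. At minimum, document the scope above the rule: `# Cluster-wide read of Secrets: RBAC cannot filter by label, so this exposes every Secret to the controller.`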
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "viking-controller.fullname" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "viking-controller.fullname" . }}
apiGroup: rbac.authorization.k8s.io
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
annotations:
{{ toYaml .Values.vikingController.annotations | nindent 4}}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
replicas: {{ .Values.vikingController.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
{{ toYaml .Values.vikingController.updateStrategy | nindent 4 }}
minReadySeconds: {{ .Values.vikingController.minReadySeconds }}
template:
metadata:
annotations:
{{ toYaml .Values.vikingController.podAnnotations | nindent 8 }}
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingController.podLabels }}
{{ toYaml .Values.vikingController.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.vikingController.dnsConfig }}
dnsConfig:
{{ toYaml .Values.vikingController.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.vikingController.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.priorityClassName }}
priorityClassName: "{{ .Values.vikingController.priorityClassName }}"
{{- end }}
securityContext:
{{ toYaml .Values.vikingController.podSecurityContext | nindent 8 }}
containers:
- name: controller
image: "{{ .Values.vikingController.image.repository }}:{{ .Values.vikingController.image.tag }}"
imagePullPolicy: "{{ .Values.vikingController.image.pullPolicy }}"
args:
- -readyfile=/run/controller-ready
- -class={{ .Values.vikingController.ingressClass }}
{{- if .Values.vikingController.namespace }}
- -namespace={{ .Values.vikingController.namespace }}
{{- end }}
{{- if .Values.vikingController.extraArgs }}
{{ toYaml .Values.vikingController.extraArgs | nindent 12 }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.vikingController.extraEnvs }}
{{ toYaml .Values.vikingController.extraEnvs | nindent 12 }}
{{- end }}
livenessProbe:
exec:
command:
- /usr/bin/pgrep
- -P
- "0"
- k8s-ingress
readinessProbe:
exec:
command:
- /usr/bin/test
- -e
- /run/controller-ready
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: run
mountPath: "/run"
- name: tmp
mountPath: "/tmp"
securityContext:
readOnlyRootFilesystem: true
resources:
{{ toYaml .Values.vikingController.resources | nindent 12 }}
hostNetwork: false
{{- if .Values.vikingController.nodeSelector }}
nodeSelector:
{{ toYaml .Values.vikingController.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.tolerations }}
tolerations:
{{ toYaml .Values.vikingController.tolerations | nindent 8 }}
{{- end }}
{{- if .Values.vikingController.affinity }}
affinity:
{{ toYaml .Values.vikingController.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "viking-controller.fullname" . }}
terminationGracePeriodSeconds: {{ .Values.vikingController.terminationGracePeriodSeconds }}
volumes:
- name: run
emptyDir:
medium: "Memory"
- name: tmp
emptyDir:
medium: "Memory"
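Review bot: The container-level `securityContext` sets only `readOnlyRootFilesystem: true`, so the controller keeps the image's default user and capability set, and privilege escalation stays allowed. Unless the binary needs them (in this manifest it only exposes port 8080 and writes to the `/run` and `/tmp` emptyDirs), add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` next to it, plus `runAsNonRoot: true` if the image supports a non-root user. The pod-level `securityContext` comes from `.Values.vikingController.podSecurityContext`, which defaults to `{}`, so nothing is hardened there by default either.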
{{- if gt (.Values.vikingController.replicaCount | int) 1 }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/component: "{{ .Values.vikingController.name }}"
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: controller
minAvailable: {{ .Values.vikingController.minAvailable }}
{{- end }}
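Review bot: The selector requires `app.kubernetes.io/component: controller`, but the Deployment's pod template renders that label from `.Values.vikingController.name`, which the values file on this page does not set, so the budget would probably match no pods. Either add `name: controller` under `vikingController` in values.yaml or use the same expression in both places: `app.kubernetes.io/component: "{{ .Values.vikingController.name }}"`. The `apiVersion` is also hard-coded to `policy/v1beta1` while the Deployment goes through a version helper.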
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-controller.name" . }}
helm.sh/chart: {{ template "viking-controller.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "viking-controller.fullname" . }}
vikingController:
image:
repository: registry.gitlab.com/uplex/varnish/k8s-ingress/varnish-ingress/controller
tag: "master"
pullPolicy: IfNotPresent
# Optionally customize the pod dnsConfig.
dnsConfig: {}
dnsPolicy: ClusterFirst
## Name of the ingress class to route through this controller
##
ingressClass: viking
## Only listen for resources in this namespace (default all)
# namespace:
# labels to add to the pod container metadata
podLabels: {}
# key: value
## Security Context policies for controller pods
## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
## notes on enabling and using sysctls
##
podSecurityContext: {}
## Additional command line arguments to pass to nginx-ingress-controller
extraArgs: {}
## Additional environment variables to set
extraEnvs: []
# extraEnvs:
# - name: FOO
# valueFrom:
# secretKeyRef:
# key: FOO
# name: secret-resource
## Annotations to be added to the controller deployment
##
annotations: {}
# The update strategy to apply to the Deployment or DaemonSet
##
updateStrategy: {}
# rollingUpdate:
# maxUnavailable: 1
# type: RollingUpdate
# minReadySeconds to avoid killing pods before we are ready
##
minReadySeconds: 0
## Node tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Affinity and anti-affinity
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
# # An example of preferred pod anti-affinity, weight is in the range 1-100
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - weight: 100
# podAffinityTerm:
# labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: kubernetes.io/hostname
# # An example of required pod anti-affinity
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - nginx-ingress
# topologyKey: "kubernetes.io/hostname"
## terminationGracePeriodSeconds
##
terminationGracePeriodSeconds: 60
## Node labels for controller pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Annotations to be added to controller pods
##
podAnnotations: {}
# Currently the controller only works with one replica
replicaCount: 1
minAvailable: 1
resources: {}
# limits:
# cpu: 100m
# memory: 64Mi
# requests:
# cpu: 100m
# memory: 64Mi
## Rollback limit
##
revisionHistoryLimit: 10
## Optional array of imagePullSecrets containing private registry credentials
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# - name: secretName
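Review bot: The default `tag: "master"` is a moving tag combined with `pullPolicy: IfNotPresent`, so each node keeps whatever build of `master` it pulled first and an installed release cannot be tied to a known image. Default to a released version or a digest, e.g. `tag: "<release-tag>"` (placeholder), or use `pullPolicy: Always` if a moving tag is intended. Also, `extraArgs: {}` should be `extraArgs: []`, because the Deployment renders it with `toYaml` inside the `args:` list, and its comment still refers to nginx-ingress-controller.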
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
apiVersion: v2
name: viking-service
version: 0.1.0
description: Viking is a Varnish based Ingress controller with additional features
engine: gotpl
The Viking ingress service has been installed.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "viking-service.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "viking-service.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a admin secret name
*/}}
{{- define "viking-service.admin-secret-name" -}}
{{- printf "%s-admin" (include "viking-service.name" . | trunc 55) -}}
{{- end -}}
{{/*
Create a TLS secret name
*/}}
{{- define "viking-service.tls-secret-name" -}}
{{/*{{- printf "%s-tls-crt" (include "viking-service.name" . | trunc 55) -}}*/}}
{{- printf "tls-cert" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "viking-service.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "deployment.apiVersion" -}}
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "apps/v1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
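Review bot: `viking-service.tls-secret-name` returns the fixed string `tls-cert` and leaves the release-derived form commented out, so two releases in one namespace would share the same Secret name. The controller ClusterRole on this page names `tls-cert` in `resourceNames`, which may be why the name is fixed. If so, say that in the helper's comment, e.g. `Fixed name: must match the resourceNames entry in the controller ClusterRole.` Otherwise restore the `printf "%s-tls-crt"` form and remove the dead commented line.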
apiVersion: v1
kind: Secret
metadata:
name: {{ template "viking-service.admin-secret-name" . }}
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
viking.uplex.de/secret: admin
type: Opaque
data:
admin: {{ .Values.vikingService.secrets.admin | b64enc | quote }}
dataplaneapi: {{ .Values.vikingService.secrets.dataplaneapi | b64enc | quote }}
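Review bot: Both secret values are taken straight from chart values, so they end up in the Helm release record, and if the chart's values.yaml (not shown here) ships defaults, every install shares the same admin credentials. Fail the render when a value is missing rather than defaulting: `admin: {{ required "vikingService.secrets.admin must be set" .Values.vikingService.secrets.admin | b64enc | quote }}`, and likewise for `dataplaneapi`. An option to reference an existing Secret instead of creating one would keep the credentials out of values files altogether.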
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-service.fullname" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
# This label is used by the controller to find the pods to control.
app: varnish-ingress
name: {{ printf "%s-admin" (include "viking-service.name" . | trunc 57) }}
spec:
clusterIP: None
ports:
- name: varnishadm
port: 6081
targetPort: 6081
protocol: TCP
- name: dataplane
port: 5555
targetPort: 5555
protocol: TCP
- name: faccess
port: 5556
targetPort: 5556
protocol: TCP
- name: stats
port: 9443
targetPort: 9443
protocol: TCP
selector:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/component: service
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingService.podLabels }}
{{ toYaml .Values.vikingService.podLabels | nindent 4 }}
{{- end }}
type: ClusterIP
publishNotReadyAddresses: true
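Review bot: `app.kubernetes.io/name` is rendered from `viking-service.fullname` here, while the Secret, the Deployment and this Service's own selector use `viking-service.name`, so a label query on that key will not return the Service together with the release's other objects. Use `app.kubernetes.io/name: {{ template "viking-service.name" . }}`. The object name truncates at 57 characters while the admin-secret helper truncates at 55 for the same `-admin` suffix; a comment stating the intended limit would help.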
apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
helm.sh/chart: {{ template "viking-service.chart" . }}
app.kubernetes.io/component: service
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
# Must match secret name
name: {{ template "viking-service.fullname" . }}
{{- if .Values.vikingService.annotations }}
annotations:
{{ toYaml .Values.vikingService.annotations | nindent 4}}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
replicas: {{ .Values.vikingService.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
{{- if .Values.vikingService.updateStrategy }}
strategy:
{{ toYaml .Values.vikingService.updateStrategy | nindent 4 }}
{{- end }}
minReadySeconds: {{ .Values.vikingService.minReadySeconds }}
template:
metadata:
{{- if .Values.vikingService.podAnnotations }}
annotations:
{{ toYaml .Values.vikingService.podAnnotations | nindent 8 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "viking-service.name" . }}
app.kubernetes.io/component: service
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.vikingService.podLabels }}
{{ toYaml .Values.vikingService.podLabels | nindent 8 }}
{{- end }}
spec:
{{- if .Values.vikingService.dnsConfig }}
dnsConfig:
{{ toYaml .Values.vikingService.dnsConfig | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.vikingService.dnsPolicy }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.vikingService.priorityClassName }}
priorityClassName: "{{ .Values.vikingService.priorityClassName }}"
{{- end }}
{{- if .Values.vikingService.podSecurityContext }}
securityContext:
{{ toYaml .Values.vikingService.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: varnish
image: "{{ .Values.vikingService.varnish.image.repository }}:{{ .Values.vikingService.varnish.image.tag }}"
imagePullPolicy: "{{ .Values.vikingService.varnish.image.pullPolicy }}"
args:
- -n
- /run/varnish-home
{{- if .Values.vikingService.varnish.extraArgs }}
{{ toYaml .Values.vikingService.varnish.extraArgs | nindent 12 }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.vikingService.varnish.extraEnvs }}
{{ toYaml .Values.vikingService.varnish.extraEnvs | nindent 12 }}
{{- end }}
livenessProbe:
exec:
command:
- /usr/bin/pgrep
- -P
- "0"
- varnishd
{{- if .Values.vikingService.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /ready
port: k8s
{{- end }}
ports:
- name: http
containerPort: 80
- name: k8s