Cleanup chart code
This commit is contained in:
parent
103eb067f2
commit
388a499533
38 changed files with 403 additions and 446 deletions
|
@ -114,6 +114,17 @@ Return the appropriate apiVersion for deployment.
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiVersion for daemonset.
|
||||
*/}}
|
||||
{{- define "daemonset.apiVersion" -}}
|
||||
{{- if semverCompare ">=1.9-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
{{- print "apps/v1" -}}
|
||||
{{- else -}}
|
||||
{{- print "v1/beta2" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the appropriate apiGroup for PodSecurityPolicy.
|
||||
*/}}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
@ -22,6 +22,6 @@ rules:
|
|||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- {{ include "ingress-nginx.fullname" . }}-admission
|
||||
- {{ template "ingress-nginx.fullname" . }}-admission
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
@ -12,9 +12,9 @@ metadata:
|
|||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-create
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-create
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
@ -10,24 +10,23 @@ metadata:
|
|||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
# Alpha feature since k8s 1.12
|
||||
ttlSecondsAfterFinished: 0
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-create
|
||||
{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-create
|
||||
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: create
|
||||
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
|
||||
|
@ -38,11 +37,10 @@ spec:
|
|||
- --namespace={{ .Release.Namespace }}
|
||||
- --secret-name={{ template "ingress-nginx.fullname". }}-admission
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
{{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-patch
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
@ -10,41 +10,39 @@ metadata:
|
|||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
|
||||
# Alpha feature since k8s 1.12
|
||||
ttlSecondsAfterFinished: 0
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
|
||||
{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission-patch
|
||||
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
spec:
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: patch
|
||||
image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
|
||||
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }}
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
|
||||
- --webhook-name={{ template "ingress-nginx.fullname" . }}-admission
|
||||
- --namespace={{ .Release.Namespace }}
|
||||
- --patch-mutating=false
|
||||
- --secret-name={{ template "ingress-nginx.fullname". }}-admission
|
||||
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
{{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 2000
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
@ -12,9 +12,9 @@ metadata:
|
|||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
|
||||
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled -}}
|
||||
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: admission-webhook
|
||||
name: {{ include "ingress-nginx.fullname" . }}-admission
|
||||
name: {{ template "ingress-nginx.fullname" . }}-admission
|
||||
webhooks:
|
||||
- name: validate.nginx.ingress.kubernetes.io
|
||||
rules:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
|
||||
{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
@ -65,4 +65,4 @@ rules:
|
|||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}}
|
||||
{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "ingress-nginx.fullname" . }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "ingress-nginx.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.controller.addHeaders }}
|
||||
{{- if .Values.controller.addHeaders -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
|
@ -6,6 +6,5 @@ metadata:
|
|||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
|
||||
data:
|
||||
{{ toYaml .Values.controller.addHeaders | indent 2 }}
|
||||
data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
|
||||
{{- end }}
|
|
@ -1,4 +1,4 @@
|
|||
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
|
||||
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
|
@ -1,13 +1,13 @@
|
|||
{{- if .Values.tcp }}
|
||||
{{- if .Values.tcp -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
annotations:
|
||||
{{ toYaml .Values.controller.tcp.annotations | indent 4}}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-tcp
|
||||
data:
|
||||
{{ tpl (toYaml .Values.tcp) . | indent 2 }}
|
||||
{{- if .Values.controller.tcp.annotations }}
|
||||
annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-tcp
|
||||
data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
|
||||
{{- end }}
|
|
@ -1,13 +1,13 @@
|
|||
{{- if .Values.udp }}
|
||||
{{- if .Values.udp -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
annotations:
|
||||
{{ toYaml .Values.controller.udp.annotations | indent 4}}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-udp
|
||||
data:
|
||||
{{ tpl (toYaml .Values.udp) . | indent 2 }}
|
||||
{{- if .Values.controller.udp.annotations }}
|
||||
annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-udp
|
||||
data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
|
||||
{{- end }}
|
|
@ -1,12 +1,13 @@
|
|||
{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) }}
|
||||
{{- if or .Values.controller.config (or (or .Values.controller.proxySetHeaders .Values.controller.headers) .Values.controller.addHeaders) -}}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
annotations:
|
||||
{{ toYaml .Values.controller.configAnnotations | indent 4}}
|
||||
{{- if .Values.controller.configAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}
|
||||
data:
|
||||
{{- if .Values.controller.addHeaders }}
|
||||
|
@ -16,6 +17,6 @@ data:
|
|||
proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
|
||||
{{- end }}
|
||||
{{- if .Values.controller.config }}
|
||||
{{ toYaml .Values.controller.config | indent 2 }}
|
||||
{{ toYaml .Values.controller.config | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,63 +1,56 @@
|
|||
{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") }}
|
||||
{{- $useHostPort := .Values.controller.daemonset.useHostPort -}}
|
||||
{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
|
||||
apiVersion: {{ template "deployment.apiVersion" . }}
|
||||
{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
|
||||
apiVersion: {{ template "daemonset.apiVersion" . }}
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}
|
||||
annotations:
|
||||
{{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
|
||||
{{- if .Values.controller.daemonsetAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.daemonsetAnnotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
updateStrategy:
|
||||
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
|
||||
{{- if .Values.controller.updateStrategy }}
|
||||
updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
minReadySeconds: {{ .Values.controller.minReadySeconds }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.controller.podAnnotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.controller.podAnnotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
{{- if .Values.controller.podLabels }}
|
||||
{{ toYaml .Values.controller.podLabels | indent 8}}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podLabels }}
|
||||
{{- toYaml .Values.controller.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.controller.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.dnsConfig }}
|
||||
dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
|
||||
{{- end }}
|
||||
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.controller.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podSecurityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.controller.podSecurityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.priorityClassName }}
|
||||
priorityClassName: {{ .Values.controller.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podSecurityContext }}
|
||||
securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "ingress-nginx.name" . }}-{{ .Values.controller.name }}
|
||||
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
|
||||
{{- if .Values.controller.lifecycle }}
|
||||
lifecycle:
|
||||
{{ toYaml .Values.controller.lifecycle | indent 12 }}
|
||||
{{- end }}
|
||||
image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
{{- if .Values.controller.lifecycle }}
|
||||
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
|
||||
{{- end }}
|
||||
args:
|
||||
- /nginx-ingress-controller
|
||||
{{- if .Values.defaultBackend.enabled }}
|
||||
|
@ -92,7 +85,7 @@ spec:
|
|||
{{- if .Values.controller.scope.enabled }}
|
||||
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork)}}
|
||||
{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
|
||||
- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
|
@ -110,7 +103,7 @@ spec:
|
|||
- --{{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }}
|
||||
{{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
|
@ -119,7 +112,7 @@ spec:
|
|||
- NET_BIND_SERVICE
|
||||
runAsUser: {{ .Values.controller.image.runAsUser }}
|
||||
allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
|
@ -130,7 +123,7 @@ spec:
|
|||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
{{- if .Values.controller.extraEnvs }}
|
||||
{{ toYaml .Values.controller.extraEnvs | indent 12 }}
|
||||
{{- toYaml .Values.controller.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
|
@ -142,13 +135,23 @@ spec:
|
|||
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.controller.readinessProbe.port }}
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
|
||||
ports:
|
||||
{{- range $key, $value := .Values.controller.containerPort }}
|
||||
- name: {{ $key }}
|
||||
containerPort: {{ $value }}
|
||||
protocol: TCP
|
||||
{{- if $useHostPort }}
|
||||
hostPort: {{ index $hostPorts $key | default $value }}
|
||||
{{- if $.Values.controller.daemonset.useHostPort }}
|
||||
hostPort: {{ index $.Values.controller.daemonset.hostPorts $key | default $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.enabled }}
|
||||
|
@ -162,88 +165,77 @@ spec:
|
|||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.tcp }}
|
||||
- name: "{{ $key }}-tcp"
|
||||
- name: {{ $key }}-tcp
|
||||
containerPort: {{ $key }}
|
||||
protocol: TCP
|
||||
{{- if $useHostPort }}
|
||||
{{- if $.Values.controller.daemonset.useHostPort }}
|
||||
hostPort: {{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.udp }}
|
||||
- name: "{{ $key }}-udp"
|
||||
- name: {{ $key }}-udp
|
||||
containerPort: {{ $key }}
|
||||
protocol: UDP
|
||||
{{- if $useHostPort }}
|
||||
{{- if $.Values.controller.daemonset.useHostPort }}
|
||||
hostPort: {{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.controller.readinessProbe.port }}
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
|
||||
volumeMounts:
|
||||
{{- end }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
- mountPath: /etc/nginx/template
|
||||
name: nginx-template-volume
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
- name: webhook-cert
|
||||
mountPath: "/usr/local/certificates/"
|
||||
mountPath: /usr/local/certificates/
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumeMounts }}
|
||||
{{ toYaml .Values.controller.extraVolumeMounts | indent 12}}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.controller.resources | indent 12 }}
|
||||
{{- if .Values.controller.extraContainers }}
|
||||
{{ toYaml .Values.controller.extraContainers | indent 8}}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraInitContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.controller.extraInitContainers | indent 8}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumeMounts }}
|
||||
{{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.resources }}
|
||||
resources: {{ toYaml .Values.controller.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraContainers }}
|
||||
{{ toYaml .Values.controller.extraContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraInitContainers }}
|
||||
initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.hostNetwork }}
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
|
||||
nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.controller.tolerations | indent 8 }}
|
||||
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.controller.affinity | indent 8 }}
|
||||
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
|
||||
terminationGracePeriodSeconds: 60
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
|
||||
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
|
||||
volumes:
|
||||
{{- end }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
- name: nginx-template-volume
|
||||
configMap:
|
||||
name: {{ .Values.controller.customTemplate.configMapName }}
|
||||
items:
|
||||
- key: {{ .Values.controller.customTemplate.configMapKey }}
|
||||
path: nginx.tmpl
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
- name: webhook-cert
|
||||
secret:
|
||||
secretName: {{ template "ingress-nginx.fullname". }}-admission
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumes }}
|
||||
{{ toYaml .Values.controller.extraVolumes | indent 8}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumes }}
|
||||
{{ toYaml .Values.controller.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
|
||||
{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
|
||||
apiVersion: {{ template "deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
|
@ -6,8 +6,9 @@ metadata:
|
|||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}
|
||||
annotations:
|
||||
{{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
|
||||
{{- if .Values.controller.deploymentAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.deploymentAnnotations | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
@ -17,48 +18,42 @@ spec:
|
|||
replicas: {{ .Values.controller.replicaCount }}
|
||||
{{- end }}
|
||||
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||
strategy:
|
||||
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
|
||||
{{- if .Values.controller.updateStrategy }}
|
||||
strategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
|
||||
{{- end }}
|
||||
minReadySeconds: {{ .Values.controller.minReadySeconds }}
|
||||
template:
|
||||
metadata:
|
||||
{{- if .Values.controller.podAnnotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.controller.podAnnotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podAnnotations }}
|
||||
annotations: {{ toYaml .Values.controller.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
{{- if .Values.controller.podLabels }}
|
||||
{{ toYaml .Values.controller.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podLabels }}
|
||||
{{- toYaml .Values.controller.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.controller.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.dnsConfig }}
|
||||
dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
|
||||
{{- end }}
|
||||
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.controller.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podSecurityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.controller.podSecurityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.priorityClassName }}
|
||||
priorityClassName: {{ .Values.controller.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podSecurityContext }}
|
||||
securityContext: {{ toYaml .Values.controller.podSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "ingress-nginx.name" . }}-{{ .Values.controller.name }}
|
||||
image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
|
||||
{{- if .Values.controller.lifecycle }}
|
||||
lifecycle:
|
||||
{{ toYaml .Values.controller.lifecycle | indent 12 }}
|
||||
{{- end }}
|
||||
image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
|
||||
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
||||
{{- if .Values.controller.lifecycle }}
|
||||
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
|
||||
{{- end }}
|
||||
args:
|
||||
- /nginx-ingress-controller
|
||||
{{- if .Values.defaultBackend.enabled }}
|
||||
|
@ -93,7 +88,7 @@ spec:
|
|||
{{- if .Values.controller.scope.enabled }}
|
||||
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }}
|
||||
{{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
|
||||
- --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
|
@ -111,7 +106,7 @@ spec:
|
|||
- --{{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }}
|
||||
{{- if (semverCompare ">=0.16.0" .Values.controller.image.tag) }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
|
@ -120,7 +115,7 @@ spec:
|
|||
- NET_BIND_SERVICE
|
||||
runAsUser: {{ .Values.controller.image.runAsUser }}
|
||||
allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
|
@ -131,7 +126,7 @@ spec:
|
|||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
{{- if .Values.controller.extraEnvs }}
|
||||
{{ toYaml .Values.controller.extraEnvs | indent 12 }}
|
||||
{{- toYaml .Values.controller.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
|
@ -143,6 +138,16 @@ spec:
|
|||
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.controller.readinessProbe.port }}
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
|
||||
ports:
|
||||
{{- range $key, $value := .Values.controller.containerPort }}
|
||||
- name: {{ $key }}
|
||||
|
@ -160,82 +165,71 @@ spec:
|
|||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.tcp }}
|
||||
- name: "{{ $key }}-tcp"
|
||||
- name: {{ $key }}-tcp
|
||||
containerPort: {{ $key }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.udp }}
|
||||
- name: "{{ $key }}-udp"
|
||||
- name: {{ $key }}-udp
|
||||
containerPort: {{ $key }}
|
||||
protocol: UDP
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.controller.readinessProbe.port }}
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
|
||||
volumeMounts:
|
||||
{{- end }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
- mountPath: /etc/nginx/template
|
||||
name: nginx-template-volume
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
- name: webhook-cert
|
||||
mountPath: "/usr/local/certificates/"
|
||||
mountPath: /usr/local/certificates/
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumeMounts }}
|
||||
{{ toYaml .Values.controller.extraVolumeMounts | indent 12}}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.controller.resources | indent 12 }}
|
||||
{{- if .Values.controller.extraContainers }}
|
||||
{{ toYaml .Values.controller.extraContainers | indent 8}}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraInitContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.controller.extraInitContainers | indent 8}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumeMounts }}
|
||||
{{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.resources }}
|
||||
resources: {{ toYaml .Values.controller.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraContainers }}
|
||||
{{ toYaml .Values.controller.extraContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraInitContainers }}
|
||||
initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.hostNetwork }}
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
|
||||
nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.controller.tolerations | indent 8 }}
|
||||
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.controller.affinity | indent 8 }}
|
||||
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
|
||||
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
|
||||
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
|
||||
volumes:
|
||||
{{- end }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
{{- if .Values.controller.customTemplate.configMapName }}
|
||||
- name: nginx-template-volume
|
||||
configMap:
|
||||
name: {{ .Values.controller.customTemplate.configMapName }}
|
||||
items:
|
||||
- key: {{ .Values.controller.customTemplate.configMapKey }}
|
||||
path: nginx.tmpl
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
- name: webhook-cert
|
||||
secret:
|
||||
secretName: {{ template "ingress-nginx.fullname". }}-admission
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumes }}
|
||||
{{ toYaml .Values.controller.extraVolumes | indent 8}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.extraVolumes }}
|
||||
{{ toYaml .Values.controller.extraVolumes | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") }}
|
||||
{{- if .Values.controller.autoscaling.enabled }}
|
||||
{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
|
||||
apiVersion: autoscaling/v2beta1
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
|
@ -15,17 +14,16 @@ spec:
|
|||
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
|
||||
{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
targetAverageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
targetAverageUtilization: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) }}
|
||||
{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (gt (.Values.controller.replicaCount | int) 1) -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled }}
|
||||
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}
|
||||
{{- if .Values.controller.metrics.prometheusRule.namespace }}
|
||||
{{- if .Values.controller.metrics.prometheusRule.namespace }}
|
||||
namespace: {{ .Values.controller.metrics.prometheusRule.namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
{{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
|
||||
{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.controller.metrics.prometheusRule.rules }}
|
||||
groups:
|
||||
- name: {{ template "ingress-nginx.name" $ }}
|
||||
rules: {{- toYaml . | nindent 4 }}
|
||||
{{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
|
||||
{{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.controller.metrics.prometheusRule.rules }}
|
||||
groups:
|
||||
- name: {{ template "ingress-nginx.name" . }}
|
||||
rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{{- if .Values.podSecurityPolicy.enabled}}
|
||||
{{- if .Values.podSecurityPolicy.enabled -}}
|
||||
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
|
@ -18,7 +18,9 @@ spec:
|
|||
#- 'projected'
|
||||
- 'secret'
|
||||
#- 'downwardAPI'
|
||||
{{- if .Values.controller.hostNetwork }}
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
{{- end }}
|
||||
{{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }}
|
||||
hostPorts:
|
||||
{{- if .Values.controller.hostNetwork }}
|
||||
|
|
|
@ -5,7 +5,7 @@ metadata:
|
|||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
@ -80,10 +80,9 @@ rules:
|
|||
- create
|
||||
- patch
|
||||
{{- if .Values.podSecurityPolicy.enabled }}
|
||||
- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
|
||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}]
|
||||
resourceNames: [{{ template "ingress-nginx.fullname" . }}]
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end -}}
|
||||
|
|
|
@ -5,13 +5,13 @@ metadata:
|
|||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "ingress-nginx.fullname" . }}
|
||||
name: {{ template "ingress-nginx.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "ingress-nginx.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,36 +1,30 @@
|
|||
{{- if .Values.controller.metrics.enabled }}
|
||||
{{- if .Values.controller.metrics.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.controller.metrics.service.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.controller.metrics.service.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- if .Values.controller.metrics.service.labels }}
|
||||
{{ toYaml .Values.controller.metrics.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
{{- if .Values.controller.metrics.service.labels }}
|
||||
{{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}-metrics
|
||||
spec:
|
||||
{{- if not .Values.controller.metrics.service.omitClusterIP }}
|
||||
{{- with .Values.controller.metrics.service.clusterIP }}
|
||||
clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
|
||||
{{- end }}
|
||||
type: {{ .Values.controller.metrics.service.type }}
|
||||
{{- if .Values.controller.metrics.service.clusterIP }}
|
||||
clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }}
|
||||
externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.service.loadBalancerIP }}
|
||||
loadBalancerIP: "{{ .Values.controller.metrics.service.loadBalancerIP }}"
|
||||
loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | indent 4 }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: metrics
|
||||
|
@ -39,5 +33,4 @@ spec:
|
|||
selector:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
type: "{{ .Values.controller.metrics.service.type }}"
|
||||
{{- end }}
|
|
@ -1,33 +1,27 @@
|
|||
{{- if .Values.controller.admissionWebhooks.enabled }}
|
||||
{{- if .Values.controller.admissionWebhooks.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.controller.admissionWebhooks.service.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.controller.admissionWebhooks.service.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}-admission
|
||||
spec:
|
||||
{{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }}
|
||||
{{- with .Values.controller.admissionWebhooks.service.clusterIP }}
|
||||
clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
|
||||
{{- end }}
|
||||
type: {{ .Values.controller.admissionWebhooks.service.type }}
|
||||
{{- if .Values.controller.admissionWebhooks.service.clusterIP }}
|
||||
clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | indent 4 }}
|
||||
externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
|
||||
loadBalancerIP: "{{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}"
|
||||
loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | indent 4 }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: https-webhook
|
||||
|
@ -36,5 +30,4 @@ spec:
|
|||
selector:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
type: "{{ .Values.controller.admissionWebhooks.service.type }}"
|
||||
{{- end }}
|
|
@ -1,90 +1,83 @@
|
|||
{{- if .Values.controller.service.enabled }}
|
||||
{{- if .Values.controller.service.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.controller.service.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.controller.service.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
annotations: {{ toYaml .Values.controller.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- if .Values.controller.service.labels }}
|
||||
{{ toYaml .Values.controller.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
{{- if .Values.controller.service.labels }}
|
||||
{{- toYaml .Values.controller.service.labels | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}
|
||||
spec:
|
||||
{{- if not .Values.controller.service.omitClusterIP }}
|
||||
{{- with .Values.controller.service.clusterIP }}
|
||||
clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
|
||||
{{- end }}
|
||||
type: {{ .Values.controller.service.type }}
|
||||
{{- if .Values.controller.service.clusterIP }}
|
||||
clusterIP: {{ .Values.controller.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
|
||||
externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.loadBalancerIP }}
|
||||
loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
|
||||
loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }}
|
||||
externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}"
|
||||
{{- if and .Values.controller.service.externalTrafficPolicy (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.sessionAffinity }}
|
||||
sessionAffinity: "{{ .Values.controller.service.sessionAffinity }}"
|
||||
sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }}
|
||||
{{- if and .Values.controller.service.healthCheckNodePort (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
|
||||
{{- if .Values.controller.service.enableHttp }}
|
||||
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
|
||||
{{- if .Values.controller.service.enableHttp }}
|
||||
- name: http
|
||||
port: {{ .Values.controller.service.ports.http }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.targetPorts.http }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
|
||||
nodePort: {{ .Values.controller.service.nodePorts.http }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.enableHttps }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.enableHttps }}
|
||||
- name: https
|
||||
port: {{ .Values.controller.service.ports.https }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.targetPorts.https }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
|
||||
nodePort: {{ .Values.controller.service.nodePorts.https }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.tcp }}
|
||||
- name: "{{ $key }}-tcp"
|
||||
- name: {{ $key }}-tcp
|
||||
port: {{ $key }}
|
||||
protocol: TCP
|
||||
targetPort: "{{ $key }}-tcp"
|
||||
{{- if $.Values.controller.service.nodePorts.tcp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.tcp $key }}
|
||||
targetPort: {{ $key }}-tcp
|
||||
{{- if $.Values.controller.service.nodePorts.tcp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.tcp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.udp }}
|
||||
- name: "{{ $key }}-udp"
|
||||
- name: {{ $key }}-udp
|
||||
port: {{ $key }}
|
||||
protocol: UDP
|
||||
targetPort: "{{ $key }}-udp"
|
||||
{{- if $.Values.controller.service.nodePorts.udp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.udp $key }}
|
||||
targetPort: {{ $key }}-udp
|
||||
{{- if $.Values.controller.service.nodePorts.udp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.udp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
type: "{{ .Values.controller.service.type }}"
|
||||
{{- end }}
|
||||
|
|
|
@ -6,4 +6,4 @@ metadata:
|
|||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
name: {{ template "ingress-nginx.serviceAccountName" . }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,32 +1,31 @@
|
|||
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled }}
|
||||
{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "ingress-nginx.controller.fullname" . }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespace }}
|
||||
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
|
||||
{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: metrics
|
||||
interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
|
||||
honorLabels: true
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
|
||||
namespaceSelector:
|
||||
{{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | indent 4 -}}
|
||||
{{ else }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
|
||||
namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
|
||||
{{ else }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.defaultBackend.enabled }}
|
||||
{{- if .Values.defaultBackend.enabled -}}
|
||||
apiVersion: {{ template "deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
|
@ -16,33 +16,29 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
{{- if .Values.defaultBackend.podAnnotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.defaultBackend.podAnnotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
|
||||
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
|
||||
{{- if .Values.defaultBackend.podLabels }}
|
||||
{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.podLabels }}
|
||||
{{- toYaml .Values.defaultBackend.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.priorityClassName }}
|
||||
priorityClassName: "{{ .Values.defaultBackend.priorityClassName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.podSecurityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.defaultBackend.podSecurityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.priorityClassName }}
|
||||
priorityClassName: {{ .Values.defaultBackend.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.podSecurityContext }}
|
||||
securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "ingress-nginx.name" . }}-{{ .Values.defaultBackend.name }}
|
||||
image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
|
||||
imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
|
||||
image: {{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}
|
||||
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
|
||||
{{- if .Values.defaultBackend.extraArgs }}
|
||||
args:
|
||||
{{- range $key, $value := .Values.defaultBackend.extraArgs }}
|
||||
{{- if $value }}
|
||||
|
@ -51,12 +47,12 @@ spec:
|
|||
- --{{ $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
|
||||
{{- if .Values.defaultBackend.extraEnvs }}
|
||||
env:
|
||||
{{ toYaml .Values.defaultBackend.extraEnvs | indent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.extraEnvs }}
|
||||
env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
|
@ -81,20 +77,18 @@ spec:
|
|||
- name: http
|
||||
containerPort: {{ .Values.defaultBackend.port }}
|
||||
protocol: TCP
|
||||
resources:
|
||||
{{ toYaml .Values.defaultBackend.resources | indent 12 }}
|
||||
{{- if .Values.defaultBackend.resources }}
|
||||
resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.defaultBackend.nodeSelector | indent 8 }}
|
||||
nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
|
||||
{{- if .Values.defaultBackend.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.defaultBackend.tolerations | indent 8 }}
|
||||
tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.defaultBackend.affinity | indent 8 }}
|
||||
affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
|
||||
{{- end }}
|
||||
terminationGracePeriodSeconds: 60
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if gt (.Values.defaultBackend.replicaCount | int) 1 }}
|
||||
{{- if gt (.Values.defaultBackend.replicaCount | int) 1 -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ include "ingress-nginx.fullname" . }}-backend
|
||||
name: {{ template "ingress-nginx.fullname" . }}-backend
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
|
||||
|
@ -30,4 +30,4 @@ spec:
|
|||
- projected
|
||||
- secret
|
||||
- downwardAPI
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
|
|
@ -5,10 +5,10 @@ metadata:
|
|||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
|
||||
name: {{ include "ingress-nginx.fullname" . }}-backend
|
||||
name: {{ template "ingress-nginx.fullname" . }}-backend
|
||||
rules:
|
||||
- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
|
||||
- apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
|
||||
{{- end -}}
|
||||
resourceNames: [{{ template "ingress-nginx.fullname" . }}-backend]
|
||||
{{- end }}
|
||||
|
|
|
@ -14,4 +14,4 @@ subjects:
|
|||
- kind: ServiceAccount
|
||||
name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
|
|
@ -1,33 +1,27 @@
|
|||
{{- if .Values.defaultBackend.enabled }}
|
||||
{{- if .Values.defaultBackend.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
{{- if .Values.defaultBackend.service.annotations }}
|
||||
annotations:
|
||||
{{- range $key, $value := .Values.defaultBackend.service.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
|
||||
name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
|
||||
spec:
|
||||
{{- if not .Values.defaultBackend.service.omitClusterIP }}
|
||||
{{- with .Values.defaultBackend.service.clusterIP }}
|
||||
clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }}
|
||||
{{- end }}
|
||||
type: {{ .Values.defaultBackend.service.type }}
|
||||
{{- if .Values.defaultBackend.service.clusterIP }}
|
||||
clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }}
|
||||
externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.service.loadBalancerIP }}
|
||||
loadBalancerIP: "{{ .Values.defaultBackend.service.loadBalancerIP }}"
|
||||
loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | indent 4 }}
|
||||
loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
|
@ -37,5 +31,4 @@ spec:
|
|||
selector:
|
||||
{{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
|
||||
type: "{{ .Values.defaultBackend.service.type }}"
|
||||
{{- end }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create }}
|
||||
{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
|
|
@ -133,6 +133,10 @@ controller:
|
|||
##
|
||||
deploymentAnnotations: {}
|
||||
|
||||
## Annotations to be added to the controller daemonset
|
||||
##
|
||||
daemonsetAnnotations: {}
|
||||
|
||||
# The update strategy to apply to the Deployment or DaemonSet
|
||||
##
|
||||
updateStrategy: {}
|
||||
|
@ -242,8 +246,6 @@ controller:
|
|||
|
||||
annotations: {}
|
||||
labels: {}
|
||||
## Deprecated, instead simply do not provide a clusterIP value
|
||||
omitClusterIP: false
|
||||
# clusterIP: ""
|
||||
|
||||
## List of IP addresses at which the controller services are available
|
||||
|
@ -251,7 +253,7 @@ controller:
|
|||
##
|
||||
externalIPs: []
|
||||
|
||||
loadBalancerIP: ""
|
||||
# loadBalancerIP: ""
|
||||
loadBalancerSourceRanges: []
|
||||
|
||||
enableHttp: true
|
||||
|
@ -260,13 +262,16 @@ controller:
|
|||
## Set external traffic policy to: "Local" to preserve source IP on
|
||||
## providers supporting it
|
||||
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
|
||||
externalTrafficPolicy: ""
|
||||
# externalTrafficPolicy: ""
|
||||
|
||||
# Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
|
||||
# Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
|
||||
sessionAffinity: ""
|
||||
# sessionAffinity: ""
|
||||
|
||||
healthCheckNodePort: 0
|
||||
# specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
|
||||
# the service controller allocates a port from your cluster’s NodePort range.
|
||||
# Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||||
# healthCheckNodePort: 0
|
||||
|
||||
ports:
|
||||
http: 80
|
||||
|
@ -337,11 +342,9 @@ controller:
|
|||
|
||||
service:
|
||||
annotations: {}
|
||||
## Deprecated, instead simply do not provide a clusterIP value
|
||||
omitClusterIP: false
|
||||
# clusterIP: ""
|
||||
externalIPs: []
|
||||
loadBalancerIP: ""
|
||||
# loadBalancerIP: ""
|
||||
loadBalancerSourceRanges: []
|
||||
servicePort: 443
|
||||
type: ClusterIP
|
||||
|
@ -368,8 +371,6 @@ controller:
|
|||
# prometheus.io/scrape: "true"
|
||||
# prometheus.io/port: "10254"
|
||||
|
||||
## Deprecated, instead simply do not provide a clusterIP value
|
||||
omitClusterIP: false
|
||||
# clusterIP: ""
|
||||
|
||||
## List of IP addresses at which the stats-exporter service is available
|
||||
|
@ -377,7 +378,7 @@ controller:
|
|||
##
|
||||
externalIPs: []
|
||||
|
||||
loadBalancerIP: ""
|
||||
# loadBalancerIP: ""
|
||||
loadBalancerSourceRanges: []
|
||||
servicePort: 9913
|
||||
type: ClusterIP
|
||||
|
@ -397,7 +398,7 @@ controller:
|
|||
prometheusRule:
|
||||
enabled: false
|
||||
additionalLabels: {}
|
||||
namespace: ""
|
||||
# namespace: ""
|
||||
rules: []
|
||||
# # These are just examples rules, please adapt them to your needs
|
||||
# - alert: TooMany500s
|
||||
|
@ -516,8 +517,7 @@ defaultBackend:
|
|||
|
||||
service:
|
||||
annotations: {}
|
||||
## Deprecated, instead simply do not provide a clusterIP value
|
||||
omitClusterIP: false
|
||||
|
||||
# clusterIP: ""
|
||||
|
||||
## List of IP addresses at which the default backend service is available
|
||||
|
@ -525,7 +525,7 @@ defaultBackend:
|
|||
##
|
||||
externalIPs: []
|
||||
|
||||
loadBalancerIP: ""
|
||||
# loadBalancerIP: ""
|
||||
loadBalancerSourceRanges: []
|
||||
servicePort: 80
|
||||
type: ClusterIP
|
||||
|
|
Loading…
Reference in a new issue