[helm] All custom configuration for internal lb
Allow users to have custom configuration for their internal load balancer.
parent
223c70bd09
commit
70bf30d7a3
3 changed files with 57 additions and 28 deletions
|
@ -404,17 +404,24 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
|
|||
| controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. |
|
||||
| controller.service.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. |
|
||||
| controller.service.appProtocol | bool | `true` | If enabled is adding an appProtocol option for Kubernetes service. An appProtocol field replacing annotations that were using for setting a backend protocol. Here is an example for AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http It allows choosing the protocol for each backend specified in the Kubernetes service. See the following GitHub issue for more details about the purpose: https://github.com/kubernetes/kubernetes/issues/40244 Will be ignored for Kubernetes versions older than 1.20 # |
|
||||
| controller.service.enableHttp | bool | `true` | |
|
||||
| controller.service.enableHttps | bool | `true` | |
|
||||
| controller.service.enableHttp | bool | `true` | If enabled the http port is enabled |
|
||||
| controller.service.enableHttps | bool | `true` | If enabled the https port is enabled |
|
||||
| controller.service.enabled | bool | `true` | |
|
||||
| controller.service.external.enabled | bool | `true` | |
|
||||
| controller.service.externalIPs | list | `[]` | List of IP addresses at which the controller services are available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # |
|
||||
| controller.service.internal.annotations | object | `{}` | Annotations are mandatory for the load balancer to come up. Varies with the cloud service. Values passed through helm tpl engine. |
|
||||
| controller.service.internal.enableHttp | bool | `true` | If enabled the http port is enabled |
|
||||
| controller.service.internal.enableHttps | bool | `true` | If enabled the https port is enabled |
|
||||
| controller.service.internal.enabled | bool | `false` | Enables an additional internal load balancer (besides the external one). |
|
||||
| controller.service.internal.loadBalancerIP | string | `""` | Used by cloud providers to connect the resulting internal LoadBalancer to a pre-existing static IP. Make sure to add to the service the needed annotation to specify the subnet which the static IP belongs to. For instance, `networking.gke.io/internal-load-balancer-subnet` for GCP and `service.beta.kubernetes.io/aws-load-balancer-subnets` for AWS. |
|
||||
| controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0. |
|
||||
| controller.service.internal.ports | object | `{}` | Custom port mapping for internal service |
|
||||
| controller.service.internal.targetPorts | object | `{}` | Custom target port mapping for internal service |
|
||||
| controller.service.internal.nodePorts.http | string | `""` | |
|
||||
| controller.service.internal.nodePorts.https | string | `""` | |
|
||||
| controller.service.internal.nodePorts.tcp | object | `{}` | |
|
||||
| controller.service.internal.nodePorts.udp | object | `{}` | |
|
||||
| controller.service.internal.ports | object | `{"http":80,"https":443}` | Custom port mapping for internal service |
|
||||
| controller.service.internal.targetPorts | object | `{"http":"http","https":"https"}` | Custom target port mapping for internal service |
|
||||
| controller.service.internal.type | string | `"LoadBalancer"` | Custom type for internal service |
|
||||
| controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
|
||||
| controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack-ness requested or required by this Service. Possible values are SingleStack, PreferDualStack or RequireDualStack. The ipFamilies and clusterIPs fields depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ |
|
||||
| controller.service.labels | object | `{}` | |
|
||||
|
|
|
@ -15,7 +15,7 @@ metadata:
|
|||
name: {{ include "ingress-nginx.controller.fullname" . }}-internal
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
type: "{{ .Values.controller.service.type }}"
|
||||
type: "{{ .Values.controller.service.internal.type }}"
|
||||
{{- if .Values.controller.service.internal.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
|
||||
{{- end }}
|
||||
|
@ -26,29 +26,29 @@ spec:
|
|||
externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
|
||||
{{- if .Values.controller.service.enableHttp }}
|
||||
{{- $setNodePorts := (or (eq .Values.controller.service.internal.type "NodePort") (eq .Values.controller.service.internal.type "LoadBalancer")) }}
|
||||
{{- if .Values.controller.service.internal.enableHttp }}
|
||||
- name: http
|
||||
port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}
|
||||
port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.internal.ports.http }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.targetPorts.http }}
|
||||
targetPort: {{ .Values.controller.service.internal.targetPorts.http | default .Values.controller.service.internal.targetPorts.http }}
|
||||
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
|
||||
appProtocol: http
|
||||
{{- end }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
|
||||
nodePort: {{ .Values.controller.service.nodePorts.http }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.http))) }}
|
||||
nodePort: {{ .Values.controller.service.internal.nodePorts.http }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.service.enableHttps }}
|
||||
{{- if .Values.controller.service.internal.enableHttps }}
|
||||
- name: https
|
||||
port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.ports.https }}
|
||||
port: {{ .Values.controller.service.internal.ports.https | default .Values.controller.service.internal.ports.https }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.targetPorts.https }}
|
||||
targetPort: {{ .Values.controller.service.internal.targetPorts.https | default .Values.controller.service.internal.targetPorts.https }}
|
||||
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
|
||||
appProtocol: https
|
||||
{{- end }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
|
||||
nodePort: {{ .Values.controller.service.nodePorts.https }}
|
||||
{{- if (and $setNodePorts (not (empty .Values.controller.service.internal.nodePorts.https))) }}
|
||||
nodePort: {{ .Values.controller.service.internal.nodePorts.https }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .Values.tcp }}
|
||||
|
@ -56,9 +56,9 @@ spec:
|
|||
port: {{ $key }}
|
||||
protocol: TCP
|
||||
targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
|
||||
{{- if $.Values.controller.service.nodePorts.tcp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.tcp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
|
||||
{{- if $.Values.controller.service.internal.nodePorts.tcp }}
|
||||
{{- if index $.Values.controller.service.internal.nodePorts.tcp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.internal.nodePorts.tcp $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -67,9 +67,9 @@ spec:
|
|||
port: {{ $key }}
|
||||
protocol: UDP
|
||||
targetPort: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp
|
||||
{{- if $.Values.controller.service.nodePorts.udp }}
|
||||
{{- if index $.Values.controller.service.nodePorts.udp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
|
||||
{{- if $.Values.controller.service.internal.nodePorts.udp }}
|
||||
{{- if index $.Values.controller.service.internal.nodePorts.udp $key }}
|
||||
nodePort: {{ index $.Values.controller.service.internal.nodePorts.udp $key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
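Review bot: The four `port`/`targetPort` lines for the `http` and `https` entries now pipe a value into `default` with that same value as the fallback, so the fallback can never fire. Before this change an unset `controller.service.internal.ports.http` fell back to `controller.service.ports.http`; now an empty key (for example one nulled out in a user's values) renders a bare `port:` and the Service manifest is likely to be rejected at install time. Either drop the no-op and fail with a clear message, e.g. `port: {{ required "controller.service.internal.ports.http is required" .Values.controller.service.internal.ports.http }}`, or keep the previous fallback, `port: {{ .Values.controller.service.internal.ports.http | default .Values.controller.service.ports.http }}`. The same applies to both `targetPort` lines and to the `https` entries.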
|
||||
|
|
|
@ -454,7 +454,9 @@ controller:
|
|||
loadBalancerSourceRanges: []
|
||||
# -- Used by cloud providers to select a load balancer implementation other than the cloud provider default. https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
|
||||
loadBalancerClass: ""
|
||||
# -- If enabled the http port is enabled
|
||||
enableHttp: true
|
||||
# -- If enabled the https port is enabled
|
||||
enableHttps: true
|
||||
## Set external traffic policy to: "Local" to preserve source IP on providers supporting it.
|
||||
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
|
||||
|
@ -513,15 +515,35 @@ controller:
|
|||
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
|
||||
# externalTrafficPolicy: ""
|
||||
|
||||
# -- If enabled the http port is enabled
|
||||
enableHttp: true
|
||||
|
||||
# -- If enabled the https port is enabled
|
||||
enableHttps: true
|
||||
|
||||
# -- Custom port mapping for internal service
|
||||
ports: {}
|
||||
# http: 80
|
||||
# https: 443
|
||||
ports:
|
||||
http: 80
|
||||
https: 443
|
||||
|
||||
# -- Custom target port mapping for internal service
|
||||
targetPorts: {}
|
||||
# http: http
|
||||
# https: https
|
||||
targetPorts:
|
||||
http: http
|
||||
https: https
|
||||
|
||||
# -- Custom type for internal service
|
||||
type: LoadBalancer
|
||||
## type: NodePort
|
||||
## nodePorts:
|
||||
## http: 32080
|
||||
## https: 32443
|
||||
## tcp:
|
||||
## 8080: 32808
|
||||
nodePorts:
|
||||
http: ""
|
||||
https: ""
|
||||
tcp: {}
|
||||
udp: {}
|
||||
# shareProcessNamespace enables process namespace sharing within the pod.
|
||||
# This can be used for example to signal log rotation using `kill -USR1` from a sidecar.
|
||||
shareProcessNamespace: false
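Review bot: The new `enableHttp: true` and `enableHttps: true` defaults in the second hunk are independent of `controller.service.enableHttp`/`enableHttps`, which the internal Service template read before this commit; the `internal:` key itself is outside the hunk, so the placement is inferred from the README table and the "for internal service" comments. A release that set `controller.service.enableHttp: false` to keep plaintext port 80 off its load balancers would therefore get port 80 back on the internal load balancer after upgrading, without any change to its own values. The same loss of inheritance applies to `type` and `nodePorts` in this block. I would state this in the value comments, e.g. `# -- If enabled the http port is enabled on the internal service. Not inherited from controller.service.enableHttp.`, and call the behaviour change out in the chart's upgrade notes.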
|
||||
|
|