remove unused files, a lot of s/Consul/Vault

Clint Shryock 2018-09-28 15:56:48 -05:00
parent e1304d0c6b
commit a2235339eb
No known key found for this signature in database
GPG key ID: B7C8F9C70EC5CD29
12 changed files with 84 additions and 422 deletions


@ -4,7 +4,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to
this (by the DNS naming spec). If release name contains chart name it will this (by the DNS naming spec). If release name contains chart name it will
be used as a full name. be used as a full name.
*/}} */}}
{{- define "consul.fullname" -}} {{- define "vault.fullname" -}}
{{- if .Values.fullnameOverride -}} {{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}} {{- else -}}
@ -20,14 +20,14 @@ be used as a full name.
{{/* {{/*
Create chart name and version as used by the chart label. Create chart name and version as used by the chart label.
*/}} */}}
{{- define "consul.chart" -}} {{- define "vault.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/* {{/*
Expand the name of the chart. Expand the name of the chart.
*/}} */}}
{{- define "consul.name" -}} {{- define "vault.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
@ -35,7 +35,7 @@ Expand the name of the chart.
Compute the maximum number of unavailable replicas for the PodDisruptionBudget. Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
This defaults to (n/2)-1 where n is the number of members of the server cluster. This defaults to (n/2)-1 where n is the number of members of the server cluster.
*/}} */}}
{{- define "consul.pdb.maxUnavailable" -}} {{- define "vault.pdb.maxUnavailable" -}}
{{- if .Values.server.disruptionBudget.maxUnavailable -}} {{- if .Values.server.disruptionBudget.maxUnavailable -}}
{{ .Values.server.disruptionBudget.maxUnavailable -}} {{ .Values.server.disruptionBudget.maxUnavailable -}}
{{- else -}} {{- else -}}


@ -1,16 +0,0 @@
# ConfigMap with extra configuration specified directly to the chart
# for client agents only.
{{- if (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "consul.fullname" . }}-client-config
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
extra-from-values.json: |-
{{ tpl .Values.client.extraConfig . | indent 4 }}
{{- end }}


@ -1,139 +0,0 @@
# DaemonSet to run the Consul clients on every node.
{{- if (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "consul.fullname" . }}
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: client
hasDNS: "true"
template:
metadata:
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: client
hasDNS: "true"
annotations:
"consul.hashicorp.com/connect-inject": "false"
spec:
terminationGracePeriodSeconds: 10
# Consul agents require a directory for data, even clients. The data
# is okay to be wiped though if the Pod is removed, so just use an
# emptyDir volume.
volumes:
- name: data
emptyDir: {}
- name: config
configMap:
name: {{ template "consul.fullname" . }}-client-config
{{- range .Values.client.extraVolumes }}
- name: userconfig-{{ .name }}
{{ .type }}:
{{- if (eq .type "configMap") }}
name: {{ .name }}
{{- else if (eq .type "secret") }}
secretName: {{ .name }}
{{- end }}
{{- end }}
containers:
- name: consul
image: "{{ default .Values.global.image .Values.client.image }}"
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
command:
- "/bin/sh"
- "-ec"
- |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
exec /bin/consul agent \
-advertise="${POD_IP}" \
-bind=0.0.0.0 \
-client=0.0.0.0 \
-config-dir=/consul/config \
{{- range .Values.client.extraVolumes }}
{{- if .load }}
-config-dir=/consul/userconfig/{{ .name }}
{{- end }}
{{- end }}
-datacenter={{ .Values.global.datacenter }} \
-data-dir=/consul/data \
{{- if (.Values.client.join) and (gt (len .Values.client.join) 0) }}
{{- range $value := .Values.client.join }}
-retry-join={{ $value }} \
{{- end }}
{{- else }}
{{- if .Values.server.enabled }}
{{- range $index := until (.Values.server.replicas | int) }}
-retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \
{{- end }}
{{- end }}
{{- end }}
-domain={{ .Values.global.domain }}
volumeMounts:
- name: data
mountPath: /consul/data
- name: config
mountPath: /consul/config
{{- range .Values.client.extraVolumes }}
- name: userconfig-{{ .name }}
readOnly: true
mountPath: /consul/userconfig/{{ .name }}
{{- end }}
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- consul leave
ports:
- containerPort: 8500
hostPort: 8500
name: http
- containerPort: 8301
name: serflan
- containerPort: 8302
name: serfwan
- containerPort: 8300
name: server
- containerPort: 8600
name: dns-tcp
protocol: "TCP"
- containerPort: 8600
name: dns-udp
protocol: "UDP"
readinessProbe:
# NOTE(mitchellh): when our HTTP status endpoints support the
# proper status codes, we should switch to that. This is temporary.
exec:
command:
- "/bin/sh"
- "-ec"
- |
curl http://127.0.0.1:8500/v1/status/leader 2>/dev/null | \
grep -E '".+"'
resources:
{{ toYaml .Values.client.resources | indent 12 }}
{{- end }}


@ -1,80 +0,0 @@
# The deployment for running the Connect sidecar injector
{{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-webhook-deployment
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: connect-injector
template:
metadata:
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: connect-injector
spec:
containers:
- name: sidecar-injector
image: "{{ .Values.connectInject.image }}"
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
command:
- "/bin/sh"
- "-ec"
- |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
consul-k8s inject \
-default-inject={{ .Values.connectInject.default }} \
-listen=:8080 \
{{- if .Values.connectInject.certs.secretName }}
-tls-cert-file=/etc/connect-injector/certs/{{ .Values.connectInject.certs.certName }}
-tls-key-file=/etc/connect-injector/certs/{{ .Values.connectInject.certs.keyName }}
{{- else }}
-tls-auto=consul-connect-injector-cfg \
-tls-auto-hosts=${CONSUL_FULLNAME}-connect-injector-svc,${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE},${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE}.svc
{{- end }}
livenessProbe:
tcpSocket:
port: 8080
failureThreshold: 2
initialDelaySeconds: 1
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /health/ready
port: 8080
scheme: HTTPS
failureThreshold: 2
initialDelaySeconds: 2
periodSeconds: 2
successThreshold: 1
timeoutSeconds: 5
{{- if .Values.connectInject.certs.secretName }}
volumeMounts:
- name: certs
mountPath: /etc/connect-injector/certs
readOnly: true
volumes:
- name: certs
secret:
secretName: {{ .Values.connectInject.certs.secretName }}
{{- end }}
{{- end }}


@ -1,29 +0,0 @@
# The MutatingWebhookConfiguration to enable the Connect injector.
{{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-cfg
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
webhooks:
- name: {{ template "consul.fullname" . }}-connect-injector.consul.hashicorp.com
clientConfig:
service:
name: {{ template "consul.fullname" . }}-connect-injector-svc
namespace: default
path: "/mutate"
caBundle: {{ .Values.connectInject.caBundle }}
rules:
- operations: [ "CREATE" ]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
{{- if .Values.connectInject.namespaceSelector }}
namespaceSelector:
{{ tpl .Values.connectInject.namespaceSelector . | indent 6 }}
{{- end }}
{{- end }}


@ -1,21 +0,0 @@
# The service for the Connect sidecar injector
{{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-svc
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
ports:
- port: 443
targetPort: 8080
selector:
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: connect-injector
{{- end }}


@ -1,12 +1,13 @@
# Service for Consul DNS. # Service for Vault DNS.
# TODO: verify for Vault
{{- if (or (and (ne (.Values.dns.enabled | toString) "-") .Values.dns.enabled) (and (eq (.Values.dns.enabled | toString) "-") .Values.global.enabled)) }} {{- if (or (and (ne (.Values.dns.enabled | toString) "-") .Values.dns.enabled) (and (eq (.Values.dns.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ template "consul.fullname" . }}-dns name: {{ template "vault.fullname" . }}-dns
labels: labels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
chart: {{ template "consul.chart" . }} chart: {{ template "vault.chart" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
spec: spec:
@ -20,7 +21,7 @@ spec:
protocol: "UDP" protocol: "UDP"
targetPort: dns-udp targetPort: dns-udp
selector: selector:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
hasDNS: "true" hasDNS: "true"
{{- end }} {{- end }}


@ -1,12 +1,12 @@
# StatefulSet to run the actual Consul server cluster. # StatefulSet to run the actual vault server cluster.
{{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }} {{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ template "consul.fullname" . }}-server-config name: {{ template "vault.fullname" . }}-server-config
labels: labels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
chart: {{ template "consul.chart" . }} chart: {{ template "vault.chart" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
data: data:


@ -1,16 +1,17 @@
# Headless service for Consul server DNS entries. This service should only # Headless service for Vault server DNS entries. This service should only
# point to Consul servers. For access to an agent, one should assume that # point to Vault servers. For access to an agent, one should assume that
# the agent is installed locally on the node and the NODE_IP should be used. # the agent is installed locally on the node and the NODE_IP should be used.
# If the node can't run a Consul agent, then this service can be used to # If the node can't run a Vault agent, then this service can be used to
# communicate directly to a server agent. # communicate directly to a server agent.
# TODO: verify for Vault
{{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }} {{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ template "consul.fullname" . }}-server name: {{ template "vault.fullname" . }}-server
labels: labels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
chart: {{ template "consul.chart" . }} chart: {{ template "vault.chart" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
annotations: annotations:
@ -55,7 +56,7 @@ spec:
port: 8600 port: 8600
targetPort: dns-udp targetPort: dns-udp
selector: selector:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
component: server component: server
{{- end }} {{- end }}


@ -1,16 +1,16 @@
# StatefulSet to run the actual Consul server cluster. # StatefulSet to run the actual vault server cluster.
{{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }} {{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
name: {{ template "consul.fullname" . }}-server name: {{ template "vault.fullname" . }}-server
labels: labels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
chart: {{ template "consul.chart" . }} chart: {{ template "vault.chart" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
spec: spec:
serviceName: {{ template "consul.fullname" . }}-server serviceName: {{ template "vault.fullname" . }}-server
podManagementPolicy: Parallel podManagementPolicy: Parallel
replicas: {{ .Values.server.replicas }} replicas: {{ .Values.server.replicas }}
{{- if (gt (int .Values.server.updatePartition) 0) }} {{- if (gt (int .Values.server.updatePartition) 0) }}
@ -21,28 +21,26 @@ spec:
{{- end }} {{- end }}
selector: selector:
matchLabels: matchLabels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
chart: {{ template "consul.chart" . }} chart: {{ template "vault.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server component: server
hasDNS: "true" hasDNS: "true"
template: template:
metadata: metadata:
labels: labels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
chart: {{ template "consul.chart" . }} chart: {{ template "vault.chart" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: server component: server
hasDNS: "true" hasDNS: "true"
annotations:
"consul.hashicorp.com/connect-inject": "false"
spec: spec:
affinity: affinity:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector: - labelSelector:
matchLabels: matchLabels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
component: server component: server
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
@ -52,7 +50,7 @@ spec:
volumes: volumes:
- name: config - name: config
configMap: configMap:
name: {{ template "consul.fullname" . }}-server-config name: {{ template "vault.fullname" . }}-server-config
{{- range .Values.server.extraVolumes }} {{- range .Values.server.extraVolumes }}
- name: userconfig-{{ .name }} - name: userconfig-{{ .name }}
{{ .type }}: {{ .type }}:
@ -63,7 +61,7 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
containers: containers:
- name: consul - name: vault
image: "{{ default .Values.global.image .Values.server.image }}" image: "{{ default .Values.global.image .Values.server.image }}"
env: env:
- name: POD_IP - name: POD_IP
@ -75,44 +73,47 @@ spec:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
command: command:
- "/bin/sh" - ""
- "-ec" # should give us dev server
- | #- "/bin/sh"
CONSUL_FULLNAME="{{template "consul.fullname" . }}" #- "-ec"
#- |
#vault_FULLNAME="{{template "vault.fullname" . }}"
exec /bin/consul agent \ #exec "hello vault"
-advertise="${POD_IP}" \ #exec /bin/vault agent \
-bind=0.0.0.0 \ # -advertise="${POD_IP}" \
-bootstrap-expect={{ .Values.server.bootstrapExpect }} \ # -bind=0.0.0.0 \
-client=0.0.0.0 \ # -bootstrap-expect={{ .Values.server.bootstrapExpect }} \
-config-dir=/consul/config \ # -client=0.0.0.0 \
{{- range .Values.server.extraVolumes }} # -config-dir=/vault/config \
{{- if .load }} # {{- range .Values.server.extraVolumes }}
-config-dir=/consul/userconfig/{{ .name }} # {{- if .load }}
{{- end }} # -config-dir=/vault/userconfig/{{ .name }}
{{- end }} # {{- end }}
-datacenter={{ .Values.global.datacenter }} \ # {{- end }}
-data-dir=/consul/data \ # -datacenter={{ .Values.global.datacenter }} \
-domain={{ .Values.global.domain }} \ # -data-dir=/vault/data \
{{- if .Values.server.connect }} # -domain={{ .Values.global.domain }} \
-hcl="connect { enabled = true }" \ # {{- if .Values.server.connect }}
{{- end }} # -hcl="connect { enabled = true }" \
{{- if .Values.ui.enabled }} # {{- end }}
-ui \ # {{- if .Values.ui.enabled }}
{{- end }} # -ui \
{{- range $index := until (.Values.server.replicas | int) }} # {{- end }}
-retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \ # {{- range $index := until (.Values.server.replicas | int) }}
{{- end }} # -retry-join=${vault_FULLNAME}-server-{{ $index }}.${vault_FULLNAME}-server.${NAMESPACE}.svc \
-server # {{- end }}
# -server
volumeMounts: volumeMounts:
- name: data - name: data
mountPath: /consul/data mountPath: /vault/data
- name: config - name: config
mountPath: /consul/config mountPath: /vault/config
{{- range .Values.server.extraVolumes }} {{- range .Values.server.extraVolumes }}
- name: userconfig-{{ .name }} - name: userconfig-{{ .name }}
readOnly: true readOnly: true
mountPath: /consul/userconfig/{{ .name }} mountPath: /vault/userconfig/{{ .name }}
{{- end }} {{- end }}
lifecycle: lifecycle:
preStop: preStop:
@ -120,7 +121,7 @@ spec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- consul leave - vault leave
ports: ports:
- containerPort: 8500 - containerPort: 8500
name: http name: http
@ -139,13 +140,14 @@ spec:
readinessProbe: readinessProbe:
# NOTE(mitchellh): when our HTTP status endpoints support the # NOTE(mitchellh): when our HTTP status endpoints support the
# proper status codes, we should switch to that. This is temporary. # proper status codes, we should switch to that. This is temporary.
exec: # TODO: verify for Vault
command: #exec:
- "/bin/sh" # command:
- "-ec" # - "/bin/sh"
- | # - "-ec"
curl http://127.0.0.1:8500/v1/status/leader 2>/dev/null | \ # - |
grep -E '".+"' # curl http://127.0.0.1:8500/v1/status/leader 2>/dev/null | \
# grep -E '".+"'
failureThreshold: 2 failureThreshold: 2
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 3 periodSeconds: 3
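Review bot: The `- ""` entry under `command:` in the `vault` container replaces the image entrypoint with an empty executable name, so the container will most likely fail to start rather than come up as a dev server; to run the image's default entrypoint, drop the `command:` key altogether. If dev mode is the intended interim state, say so in a comment along the lines of `# dev mode: in-memory storage, starts unsealed, no TLS - local testing only`, so this StatefulSet is not mistaken for a deployable server. Once `exec:` is commented out, the `readinessProbe` keeps its thresholds but has no handler, which the API server is expected to reject; comment out the whole probe or give it a handler. The preStop hook now runs `vault leave`, and as far as I know the Vault CLI has no `leave` subcommand, so that hook should be removed rather than renamed. Helm still evaluates the `{{ ... }}` actions inside the `#`-commented command lines, so wrap the disabled block in `{{/* ... */}}` if it should not render at all.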


@ -1,57 +0,0 @@
# The deployment for running the Connect sidecar injector
{{- if (or (and (ne (.Values.syncCatalog.enabled | toString) "-") .Values.syncCatalog.enabled) (and (eq (.Values.syncCatalog.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "consul.fullname" . }}-sync-catalog
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: sync-catalog
template:
metadata:
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: sync-catalog
spec:
containers:
- name: consul-sync-catalog
image: "{{ default .Values.global.imageK8S .Values.syncCatalog.image }}"
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
command:
- "/bin/sh"
- "-ec"
- |
consul-k8s sync-catalog \
-http-addr=${HOST_IP}:8500 \
{{- if (not .Values.syncCatalog.toConsul) }}
-to-consul=false \
{{- end }}
{{- if (not .Values.syncCatalog.toK8S) }}
-to-k8s=false \
{{- end }}
-consul-domain={{ .Values.global.domain }} \
{{- if .Values.syncCatalog.k8sPrefix }}
-k8s-service-prefix="{{ .Values.syncCatalog.k8sPrefix}}" \
{{- end }}
-k8s-write-namespace=${NAMESPACE}
{{- end }}


@ -1,21 +1,21 @@
# Headless service for Consul server DNS entries. This service should only # Headless service for Vault server DNS entries. This service should only
# point to Consul servers. For access to an agent, one should assume that # point to Vault servers. For access to an agent, one should assume that
# the agent is installed locally on the node and the NODE_IP should be used. # the agent is installed locally on the node and the NODE_IP should be used.
# If the node can't run a Consul agent, then this service can be used to # If the node can't run a Vault agent, then this service can be used to
# communicate directly to a server agent. # communicate directly to a server agent.
{{- if (and (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.service.enabled | toString) "-") .Values.ui.service.enabled) (and (eq (.Values.ui.service.enabled | toString) "-") .Values.global.enabled))) }} {{- if (and (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.enabled | toString) "-") .Values.ui.enabled) (and (eq (.Values.ui.enabled | toString) "-") .Values.global.enabled)) (or (and (ne (.Values.ui.service.enabled | toString) "-") .Values.ui.service.enabled) (and (eq (.Values.ui.service.enabled | toString) "-") .Values.global.enabled))) }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ template "consul.fullname" . }}-ui name: {{ template "vault.fullname" . }}-ui
labels: labels:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
chart: {{ template "consul.chart" . }} chart: {{ template "vault.chart" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
spec: spec:
selector: selector:
app: {{ template "consul.name" . }} app: {{ template "vault.name" . }}
release: "{{ .Release.Name }}" release: "{{ .Release.Name }}"
component: server component: server
ports: ports: