andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Generated changes

pull/135/head
actions 2021-04-13 23:45:41 +00:00
parent ac39e0c429
commit 144ca5a77e
27 changed files with 514 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/haproxy/haproxy-1.12.100.tgz Normal file
View File

Binary file not shown.

29
assets/index.yaml
View File

@ -361,6 +361,33 @@ entries:
- assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000
haproxy:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy
apiVersion: v1
appVersion: 1.5.1
created: "2021-04-13T23:45:40.966157742Z"
description: A Helm chart for HAProxy Kubernetes Ingress Controller
digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046
home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.12.0-0'
maintainers:
- email: mmhedhbi@haproxy.com
name: Moemen Mhedhbi
- email: bassmann@haproxy.com
name: Baptiste Assmann
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
urls:
- assets/haproxy/haproxy-1.12.100.tgz
version: 1.12.100
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy
@ -633,4 +660,4 @@ entries:
urls:
- assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200
generated: "2021-03-09T00:13:50.360291665Z"
generated: "2021-04-13T23:45:40.963701127Z"

4
charts/haproxy/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 1.4.6
appVersion: 1.5.1
description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
@ -17,7 +17,7 @@ maintainers:
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
version: 1.4.300
version: 1.12.100
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy

19
charts/haproxy/README.md
View File

@ -14,8 +14,8 @@ This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [K
### Prerequisites
- Kubernetes 1.12+
- Helm 2.9+
- Kubernetes 1.12+
- Helm 2.9+
## Before you begin
@ -111,9 +111,9 @@ helm install my-ingress3 haproxytech/kubernetes-ingress \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true"
```
***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string.
***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string.
### Installing with Horizontal Pod Autoscaler
### Installing with Horizontal Pod Autoscaler
[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null:
@ -123,6 +123,15 @@ helm install my-ingress4 haproxytech/kubernetes-ingress \
--set defaultBackend.replicaCount=null
```
### Installing the ServiceMonitor
If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs.
```console
helm install my-ingress5 haproxytech/kubernetes-ingress \
--set "controller.serviceMonitor.enabled=true"
```
### Using values from YAML file
As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm:
@ -172,7 +181,7 @@ helm upgrade my-release haproxytech/kubernetes-ingress
To uninstall/delete the *my-release* deployment:
```console
helm delete kubernetes-ingress
helm delete my-release
```
## Debugging

4
charts/haproxy/ci/daemonset-disableddefaultbackend-values.yaml Normal file
View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultBackend:
enabled: false

2
charts/haproxy/ci/deployment-disableddefaultbackend-values.yaml Normal file
View File

@ -0,0 +1,2 @@
defaultBackend:
enabled: false

14
charts/haproxy/ci/deployment-hpa-values.yaml Normal file
View File

@ -0,0 +1,14 @@
controller:
kind: Deployment
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
defaultBackend:
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 50

2
charts/haproxy/ci/deployment-psp-values.yaml Normal file
View File

@ -0,0 +1,2 @@
podSecurityPolicy:
enabled: true

9
charts/haproxy/templates/_helpers.tpl
View File

@ -46,7 +46,7 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{kubernetes-ingress.publishServicePath{/*
{{/*
Encode an imagePullSecret string.
*/}}
{{- define "kubernetes-ingress.imagePullSecret" }}
@ -120,4 +120,11 @@ Construct the syslog-server annotation
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified ServiceMonitor name.
*/}}
{{- define "kubernetes-ingress.serviceMonitorName" -}}
{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* vim: set filetype=mustache: */}}

11
charts/haproxy/templates/clusterrole.yaml
View File

@ -41,21 +41,20 @@ rules:
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
- ingresses/status
- ingressclasses
verbs:
- get
- list
- watch
- update
- apiGroups:
- "networking.k8s.io/v1beta1"
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
- ingresses/status
verbs:
- get
- list
- watch
- update
{{- end -}}

87
charts/haproxy/templates/controller-daemonset.yaml
View File

@ -29,6 +29,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec:
minReadySeconds: 0
updateStrategy:
@ -53,12 +56,21 @@ spec:
{{- end }}
spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
@ -67,13 +79,15 @@ spec:
args:
{{- if and .Values.controller.defaultTLSSecret.enabled -}}
{{- if .Values.controller.defaultTLSSecret.secret }}
- --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }}
{{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
@ -86,6 +100,16 @@ spec:
{{- range .Values.controller.extraArgs }}
- {{ . }}
{{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
@ -123,6 +147,16 @@ spec:
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
env:
- name: POD_NAME
valueFrom:
@ -132,11 +166,58 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- range .Values.controller.extraEnvs }}
- name: "{{ .name }}"
value: "{{ .value }}"
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- with.Values.controller.initContainers }}
{{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:

2
charts/haproxy/templates/controller-defaultcertsecret.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.defaultTLSSecret.enabled }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
@ -31,3 +32,4 @@ metadata:
"helm.sh/hook-delete-policy": "before-hook-creation"
data:
{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }}
{{- end }}

91
charts/haproxy/templates/controller-deployment.yaml
View File

@ -26,8 +26,11 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec:
{{- if not ( kindIs "invalid" .Values.controller.replicaCount) }}
{{- if not .Values.controller.autoscaling.enabled }}
replicas: {{ .Values.controller.replicaCount }}
{{- end }}
selector:
@ -52,9 +55,18 @@ spec:
{{- end }}
spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
@ -62,12 +74,14 @@ spec:
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args:
{{- if .Values.controller.defaultTLSSecret.secret }}
- --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
@ -80,6 +94,16 @@ spec:
{{- range .Values.controller.extraArgs }}
- {{ . }}
{{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
@ -88,7 +112,7 @@ spec:
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp
containerPort: {{ .port }}
containerPort: {{ .targetPort }}
protocol: TCP
{{- end }}
livenessProbe:
@ -111,6 +135,16 @@ spec:
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
env:
- name: POD_NAME
valueFrom:
@ -120,11 +154,58 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- range .Values.controller.extraEnvs }}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- with.Values.controller.initContainers }}
{{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:

49
charts/haproxy/templates/controller-hpa.yaml Normal file
View File

@ -0,0 +1,49 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.fullname" . }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
{{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

25
charts/haproxy/templates/controller-podsecuritypolicy.yaml
View File

@ -32,16 +32,21 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_BIND_SERVICE
- NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
ranges:
- max: 65535
min: 1
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
@ -64,12 +69,12 @@ spec:
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes:
- configMap
- downwardAPI
- secret
- configMap
- downwardAPI
- secret
{{- end }}

3
charts/haproxy/templates/controller-service.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.service.enabled }}
apiVersion: v1
kind: Service
metadata:
@ -97,4 +98,4 @@ spec:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end }}
{{- end }}

41
charts/haproxy/templates/controller-servicemonitor.yaml Normal file
View File

@ -0,0 +1,41 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kubernetes-ingress.serviceMonitorName" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.serviceMonitor.extraLabels }}
{{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
{{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

15
charts/haproxy/templates/default-backend-deployment.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
@ -26,7 +27,7 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
{{- if not (kindIs "invalid" .Values.defaultBackend.replicaCount) }}
{{- if not .Values.defaultBackend.autoscaling.enabled }}
replicas: {{ .Values.defaultBackend.replicaCount }}
{{- end }}
selector:
@ -46,6 +47,9 @@ spec:
{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }}
image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
@ -54,6 +58,13 @@ spec:
- name: http
containerPort: {{ .Values.defaultBackend.containerPort }}
protocol: TCP
{{- if .Values.defaultBackend.extraEnvs }}
env:
{{- range .Values.defaultBackend.extraEnvs }}
- name: "{{ .name }}"
value: "{{ .value }}"
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.defaultBackend.resources | nindent 12 }}
{{- with .Values.defaultBackend.nodeSelector }}
@ -65,7 +76,9 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
terminationGracePeriodSeconds: 60
{{- with .Values.defaultBackend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

49
charts/haproxy/templates/default-backend-hpa.yaml Normal file
View File

@ -0,0 +1,49 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
metrics:
{{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

27
charts/haproxy/templates/default-backend-podsecuritypolicy.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
@ -29,16 +29,21 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_BIND_SERVICE
- NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
ranges:
- max: 65535
min: 1
hostNetwork: false
hostIPC: false
hostPID: false
@ -48,12 +53,12 @@ spec:
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes:
- configMap
- downwardAPI
- secret
- configMap
- downwardAPI
- secret
{{- end }}

2
charts/haproxy/templates/default-backend-role.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

2
charts/haproxy/templates/default-backend-rolebinding.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:

4
charts/haproxy/templates/default-backend-service.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: v1
kind: Service
metadata:
@ -27,7 +28,7 @@ metadata:
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
type: ClusterIP
clusterIP: None
clusterIP: None
ports:
- name: http
port: {{ .Values.defaultBackend.service.port }}
@ -36,3 +37,4 @@ spec:
selector:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

2
charts/haproxy/templates/default-backend-serviceaccount.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}}
{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:

41
charts/haproxy/values.yaml
View File

@ -1,5 +1,10 @@
controller:
affinity: {}
autoscaling:
enabled: false
maxReplicas: 20
minReplicas: 2
targetCPUUtilizationPercentage: 80
config: {}
containerPort:
http: 80
@ -15,7 +20,14 @@ controller:
defaultTLSSecret:
enabled: true
secret: null
dnsConfig: {}
dnsPolicy: ClusterFirst
extraArgs: []
extraContainers: []
extraEnvs: []
extraLabels: {}
extraVolumeMounts: []
extraVolumes: []
image:
pullPolicy: IfNotPresent
repository: haproxytech/kubernetes-ingress
@ -27,6 +39,7 @@ controller:
ingressClass: null
initContainers: []
kind: Deployment
lifecycle: {}
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 0
@ -43,6 +56,7 @@ controller:
nodeSelector: {}
podAnnotations: {}
podLabels: {}
priorityClassName: ""
publishService:
enabled: false
pathOverride: ""
@ -66,6 +80,7 @@ controller:
http: true
https: true
stat: true
enabled: true
externalIPs: []
healthCheckNodePort: 0
labels: {}
@ -82,11 +97,36 @@ controller:
stat: stat
tcpPorts: []
type: NodePort
serviceMonitor:
enabled: false
endpoints:
- path: /metrics
port: stat
scheme: http
extraLabels: {}
startupProbe:
failureThreshold: 20
initialDelaySeconds: 0
path: /healthz
periodSeconds: 1
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
strategy: {}
terminationGracePeriodSeconds: 60
tolerations: []
unprivileged: false
defaultBackend:
affinity: {}
autoscaling:
enabled: false
maxReplicas: 2
minReplicas: 1
targetCPUUtilizationPercentage: 80
containerPort: 8080
enabled: true
extraEnvs: []
image:
pullPolicy: IfNotPresent
repository: k8s.gcr.io/defaultbackend-amd64
@ -96,6 +136,7 @@ defaultBackend:
nodeSelector: {}
podAnnotations: {}
podLabels: {}
priorityClassName: ""
replicaCount: 2
resources:
requests:

29
index.yaml
View File

@ -361,6 +361,33 @@ entries:
- assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000
haproxy:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy
apiVersion: v1
appVersion: 1.5.1
created: "2021-04-13T23:45:40.966157742Z"
description: A Helm chart for HAProxy Kubernetes Ingress Controller
digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046
home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.12.0-0'
maintainers:
- email: mmhedhbi@haproxy.com
name: Moemen Mhedhbi
- email: bassmann@haproxy.com
name: Baptiste Assmann
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
urls:
- assets/haproxy/haproxy-1.12.100.tgz
version: 1.12.100
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy
@ -633,4 +660,4 @@ entries:
urls:
- assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200
generated: "2021-03-09T00:13:50.360291665Z"
generated: "2021-04-13T23:45:40.963701127Z"

4
sha256sum/haproxy/haproxy.sum
View File

@ -1,4 +1,4 @@
147d82b2b2f3880b668883eb0067fcfe5fa008200c141a21852d8378508871e2 packages/haproxy/haproxy.patch
0c2923b56401b95bfd0b80084a9dcc195afb92978179e3f5e4243812e6148ba7 packages/haproxy/haproxy.patch
ef96856c7f2241f1a7e5df4e841ade5c0678f8599c359d8b86736fb3b9ba4b72 packages/haproxy/overlay/app-readme.md
45a217ebefb053d23ddbd48e7e12ecd8119a8d0e8b31246d521c97740b7d3a78 packages/haproxy/overlay/questions.yml
30f266384f60144b686ad8b4fa52eb6f8cf4d7037f753c47619c8651370bd6a2 packages/haproxy/package.yaml
5c75a8f608f9d22b26ab4849ebec07fdb9cd5663553aaedece920082a6b9332d packages/haproxy/package.yaml