andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Generated changes

pull/135/head
actions 2021-04-13 23:45:41 +00:00
parent ac39e0c429
commit 144ca5a77e
27 changed files with 514 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/haproxy/haproxy-1.12.100.tgz Normal file
View File

Binary file not shown.

29
assets/index.yaml
View File

@ -361,6 +361,33 @@ entries:
- assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz - assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000 version: 0.8.000
haproxy: haproxy:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy
apiVersion: v1
appVersion: 1.5.1
created: "2021-04-13T23:45:40.966157742Z"
description: A Helm chart for HAProxy Kubernetes Ingress Controller
digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046
home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.12.0-0'
maintainers:
- email: mmhedhbi@haproxy.com
name: Moemen Mhedhbi
- email: bassmann@haproxy.com
name: Baptiste Assmann
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
urls:
- assets/haproxy/haproxy-1.12.100.tgz
version: 1.12.100
- annotations: - annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy catalog.cattle.io/release-name: haproxy
@ -633,4 +660,4 @@ entries:
urls: urls:
- assets/sysdig/sysdig-1.9.200.tgz - assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200 version: 1.9.200
generated: "2021-03-09T00:13:50.360291665Z" generated: "2021-04-13T23:45:40.963701127Z"

4
charts/haproxy/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1 apiVersion: v1
appVersion: 1.4.6 appVersion: 1.5.1
description: A Helm chart for HAProxy Kubernetes Ingress Controller description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
@ -17,7 +17,7 @@ maintainers:
name: haproxy name: haproxy
sources: sources:
- https://github.com/haproxytech/kubernetes-ingress - https://github.com/haproxytech/kubernetes-ingress
version: 1.4.300 version: 1.12.100
annotations: annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy catalog.cattle.io/release-name: haproxy

15
charts/haproxy/README.md
View File

@ -14,8 +14,8 @@ This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [K
### Prerequisites ### Prerequisites
- Kubernetes 1.12+ - Kubernetes 1.12+
- Helm 2.9+ - Helm 2.9+
## Before you begin ## Before you begin
@ -123,6 +123,15 @@ helm install my-ingress4 haproxytech/kubernetes-ingress \
--set defaultBackend.replicaCount=null --set defaultBackend.replicaCount=null
``` ```
### Installing the ServiceMonitor
If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs.
```console
helm install my-ingress5 haproxytech/kubernetes-ingress \
--set "controller.serviceMonitor.enabled=true"
```
### Using values from YAML file ### Using values from YAML file
As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm: As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm:
@ -172,7 +181,7 @@ helm upgrade my-release haproxytech/kubernetes-ingress
To uninstall/delete the *my-release* deployment: To uninstall/delete the *my-release* deployment:
```console ```console
helm delete kubernetes-ingress helm delete my-release
``` ```
## Debugging ## Debugging

4
charts/haproxy/ci/daemonset-disableddefaultbackend-values.yaml Normal file
View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultBackend:
enabled: false

2
charts/haproxy/ci/deployment-disableddefaultbackend-values.yaml Normal file
View File

@ -0,0 +1,2 @@
defaultBackend:
enabled: false

14
charts/haproxy/ci/deployment-hpa-values.yaml Normal file
View File

@ -0,0 +1,14 @@
controller:
kind: Deployment
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
defaultBackend:
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 50

2
charts/haproxy/ci/deployment-psp-values.yaml Normal file
View File

@ -0,0 +1,2 @@
podSecurityPolicy:
enabled: true

9
charts/haproxy/templates/_helpers.tpl
View File

@ -46,7 +46,7 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{kubernetes-ingress.publishServicePath{/* {{/*
Encode an imagePullSecret string. Encode an imagePullSecret string.
*/}} */}}
{{- define "kubernetes-ingress.imagePullSecret" }} {{- define "kubernetes-ingress.imagePullSecret" }}
@ -120,4 +120,11 @@ Construct the syslog-server annotation
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Create a default fully qualified ServiceMonitor name.
*/}}
{{- define "kubernetes-ingress.serviceMonitorName" -}}
{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* vim: set filetype=mustache: */}} {{/* vim: set filetype=mustache: */}}

11
charts/haproxy/templates/clusterrole.yaml
View File

@ -41,21 +41,20 @@ rules:
- watch - watch
- apiGroups: - apiGroups:
- "extensions" - "extensions"
- "networking.k8s.io"
resources: resources:
- ingresses - ingresses
- ingresses/status - ingresses/status
- ingressclasses
verbs: verbs:
- get - get
- list - list
- watch - watch
- update
- apiGroups: - apiGroups:
- "networking.k8s.io/v1beta1" - "extensions"
- "networking.k8s.io"
resources: resources:
- ingresses
- ingresses/status - ingresses/status
verbs: verbs:
- get - update
- list
- watch
{{- end -}} {{- end -}}

87
charts/haproxy/templates/controller-daemonset.yaml
View File

@ -29,6 +29,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec: spec:
minReadySeconds: 0 minReadySeconds: 0
updateStrategy: updateStrategy:
@ -53,12 +56,21 @@ spec:
{{- end }} {{- end }}
spec: spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if $useHostNetwork }} {{- if $useHostNetwork }}
hostNetwork: true hostNetwork: true
{{- end }} {{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }} {{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets: imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }} - name: {{ template "kubernetes-ingress.fullname" . }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }} {{- end }}
containers: containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
@ -67,13 +79,15 @@ spec:
args: args:
{{- if and .Values.controller.defaultTLSSecret.enabled -}} {{- if and .Values.controller.defaultTLSSecret.enabled -}}
{{- if .Values.controller.defaultTLSSecret.secret }} {{- if .Values.controller.defaultTLSSecret.secret }}
- --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }} - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }} {{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }} {{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }} - --ingress.class={{ .Values.controller.ingressClass }}
{{- end }} {{- end }}
@ -86,6 +100,16 @@ spec:
{{- range .Values.controller.extraArgs }} {{- range .Values.controller.extraArgs }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports: ports:
{{- range $key, $value := .Values.controller.containerPort }} {{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }} - name: {{ $key }}
@ -123,6 +147,16 @@ spec:
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
env: env:
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:
@ -132,11 +166,58 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
{{- range .Values.controller.extraEnvs }}
- name: "{{ .name }}"
value: "{{ .value }}"
{{- end }}
resources: resources:
{{- toYaml .Values.controller.resources | nindent 12 }} {{- toYaml .Values.controller.resources | nindent 12 }}
{{- with.Values.controller.initContainers }} {{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers: initContainers:
{{- toYaml . | nindent 8 }} {{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }} {{- end }}
{{- with .Values.controller.nodeSelector }} {{- with .Values.controller.nodeSelector }}
nodeSelector: nodeSelector:

2
charts/haproxy/templates/controller-defaultcertsecret.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.controller.defaultTLSSecret.enabled }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
type: kubernetes.io/tls type: kubernetes.io/tls
@ -31,3 +32,4 @@ metadata:
"helm.sh/hook-delete-policy": "before-hook-creation" "helm.sh/hook-delete-policy": "before-hook-creation"
data: data:
{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }} {{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }}
{{- end }}

91
charts/haproxy/templates/controller-deployment.yaml
View File

@ -26,8 +26,11 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec: spec:
{{- if not ( kindIs "invalid" .Values.controller.replicaCount) }} {{- if not .Values.controller.autoscaling.enabled }}
replicas: {{ .Values.controller.replicaCount }} replicas: {{ .Values.controller.replicaCount }}
{{- end }} {{- end }}
selector: selector:
@ -52,9 +55,18 @@ spec:
{{- end }} {{- end }}
spec: spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }} serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }} {{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets: imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }} - name: {{ template "kubernetes-ingress.fullname" . }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }} {{- end }}
containers: containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }} - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
@ -62,12 +74,14 @@ spec:
imagePullPolicy: {{ .Values.controller.image.pullPolicy }} imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args: args:
{{- if .Values.controller.defaultTLSSecret.secret }} {{- if .Values.controller.defaultTLSSecret.secret }}
- --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }} - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }} {{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }} - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }} {{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }} - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }} - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }} {{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }} - --ingress.class={{ .Values.controller.ingressClass }}
{{- end }} {{- end }}
@ -80,6 +94,16 @@ spec:
{{- range .Values.controller.extraArgs }} {{- range .Values.controller.extraArgs }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports: ports:
{{- range $key, $value := .Values.controller.containerPort }} {{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }} - name: {{ $key }}
@ -88,7 +112,7 @@ spec:
{{- end }} {{- end }}
{{- range .Values.controller.service.tcpPorts }} {{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp - name: {{ .name }}-tcp
containerPort: {{ .port }} containerPort: {{ .targetPort }}
protocol: TCP protocol: TCP
{{- end }} {{- end }}
livenessProbe: livenessProbe:
@ -111,6 +135,16 @@ spec:
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
env: env:
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:
@ -120,11 +154,58 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
{{- range .Values.controller.extraEnvs }}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
resources: resources:
{{- toYaml .Values.controller.resources | nindent 12 }} {{- toYaml .Values.controller.resources | nindent 12 }}
{{- with.Values.controller.initContainers }} {{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers: initContainers:
{{- toYaml . | nindent 8 }} {{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }} {{- end }}
{{- with .Values.controller.nodeSelector }} {{- with .Values.controller.nodeSelector }}
nodeSelector: nodeSelector:

49
charts/haproxy/templates/controller-hpa.yaml Normal file
View File

@ -0,0 +1,49 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.fullname" . }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
{{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

25
charts/haproxy/templates/controller-podsecuritypolicy.yaml
View File

@ -32,16 +32,21 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.fullname" . }} name: {{ template "kubernetes-ingress.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec: spec:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
allowedCapabilities: allowedCapabilities:
- NET_BIND_SERVICE - NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false defaultAllowPrivilegeEscalation: false
fsGroup: fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs rule: MustRunAs
ranges:
- max: 65535
min: 1
{{- if $useHostNetwork }} {{- if $useHostNetwork }}
hostNetwork: true hostNetwork: true
{{- end }} {{- end }}
@ -64,12 +69,12 @@ spec:
seLinux: seLinux:
rule: RunAsAny rule: RunAsAny
supplementalGroups: supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes: volumes:
- configMap - configMap
- downwardAPI - downwardAPI
- secret - secret
{{- end }} {{- end }}

3
charts/haproxy/templates/controller-service.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.controller.service.enabled }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@ -97,4 +98,4 @@ spec:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }} {{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }}

41
charts/haproxy/templates/controller-servicemonitor.yaml Normal file
View File

@ -0,0 +1,41 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kubernetes-ingress.serviceMonitorName" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.serviceMonitor.extraLabels }}
{{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
{{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

15
charts/haproxy/templates/default-backend-deployment.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -26,7 +27,7 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec: spec:
{{- if not (kindIs "invalid" .Values.defaultBackend.replicaCount) }} {{- if not .Values.defaultBackend.autoscaling.enabled }}
replicas: {{ .Values.defaultBackend.replicaCount }} replicas: {{ .Values.defaultBackend.replicaCount }}
{{- end }} {{- end }}
selector: selector:
@ -46,6 +47,9 @@ spec:
{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }} {{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers: containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }} - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }}
image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}" image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
@ -54,6 +58,13 @@ spec:
- name: http - name: http
containerPort: {{ .Values.defaultBackend.containerPort }} containerPort: {{ .Values.defaultBackend.containerPort }}
protocol: TCP protocol: TCP
{{- if .Values.defaultBackend.extraEnvs }}
env:
{{- range .Values.defaultBackend.extraEnvs }}
- name: "{{ .name }}"
value: "{{ .value }}"
{{- end }}
{{- end }}
resources: resources:
{{- toYaml .Values.defaultBackend.resources | nindent 12 }} {{- toYaml .Values.defaultBackend.resources | nindent 12 }}
{{- with .Values.defaultBackend.nodeSelector }} {{- with .Values.defaultBackend.nodeSelector }}
@ -65,7 +76,9 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }} serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
terminationGracePeriodSeconds: 60
{{- with .Values.defaultBackend.tolerations }} {{- with .Values.defaultBackend.tolerations }}
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- end }}

49
charts/haproxy/templates/default-backend-hpa.yaml Normal file
View File

@ -0,0 +1,49 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
metrics:
{{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

27
charts/haproxy/templates/default-backend-podsecuritypolicy.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }}
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
@ -29,16 +29,21 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec: spec:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
allowedCapabilities: allowedCapabilities:
- NET_BIND_SERVICE - NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false defaultAllowPrivilegeEscalation: false
fsGroup: fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs rule: MustRunAs
ranges:
- max: 65535
min: 1
hostNetwork: false hostNetwork: false
hostIPC: false hostIPC: false
hostPID: false hostPID: false
@ -48,12 +53,12 @@ spec:
seLinux: seLinux:
rule: RunAsAny rule: RunAsAny
supplementalGroups: supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes: volumes:
- configMap - configMap
- downwardAPI - downwardAPI
- secret - secret
{{- end }} {{- end }}

2
charts/haproxy/templates/default-backend-role.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:

2
charts/haproxy/templates/default-backend-rolebinding.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}} {{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:

2
charts/haproxy/templates/default-backend-service.yaml
View File

@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@ -36,3 +37,4 @@ spec:
selector: selector:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }} app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

2
charts/haproxy/templates/default-backend-serviceaccount.yaml
View File

@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}} {{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:

41
charts/haproxy/values.yaml
View File

@ -1,5 +1,10 @@
controller: controller:
affinity: {} affinity: {}
autoscaling:
enabled: false
maxReplicas: 20
minReplicas: 2
targetCPUUtilizationPercentage: 80
config: {} config: {}
containerPort: containerPort:
http: 80 http: 80
@ -15,7 +20,14 @@ controller:
defaultTLSSecret: defaultTLSSecret:
enabled: true enabled: true
secret: null secret: null
dnsConfig: {}
dnsPolicy: ClusterFirst
extraArgs: [] extraArgs: []
extraContainers: []
extraEnvs: []
extraLabels: {}
extraVolumeMounts: []
extraVolumes: []
image: image:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
repository: haproxytech/kubernetes-ingress repository: haproxytech/kubernetes-ingress
@ -27,6 +39,7 @@ controller:
ingressClass: null ingressClass: null
initContainers: [] initContainers: []
kind: Deployment kind: Deployment
lifecycle: {}
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
initialDelaySeconds: 0 initialDelaySeconds: 0
@ -43,6 +56,7 @@ controller:
nodeSelector: {} nodeSelector: {}
podAnnotations: {} podAnnotations: {}
podLabels: {} podLabels: {}
priorityClassName: ""
publishService: publishService:
enabled: false enabled: false
pathOverride: "" pathOverride: ""
@ -66,6 +80,7 @@ controller:
http: true http: true
https: true https: true
stat: true stat: true
enabled: true
externalIPs: [] externalIPs: []
healthCheckNodePort: 0 healthCheckNodePort: 0
labels: {} labels: {}
@ -82,11 +97,36 @@ controller:
stat: stat stat: stat
tcpPorts: [] tcpPorts: []
type: NodePort type: NodePort
serviceMonitor:
enabled: false
endpoints:
- path: /metrics
port: stat
scheme: http
extraLabels: {}
startupProbe:
failureThreshold: 20
initialDelaySeconds: 0
path: /healthz
periodSeconds: 1
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
strategy: {} strategy: {}
terminationGracePeriodSeconds: 60
tolerations: [] tolerations: []
unprivileged: false
defaultBackend: defaultBackend:
affinity: {} affinity: {}
autoscaling:
enabled: false
maxReplicas: 2
minReplicas: 1
targetCPUUtilizationPercentage: 80
containerPort: 8080 containerPort: 8080
enabled: true
extraEnvs: []
image: image:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
repository: k8s.gcr.io/defaultbackend-amd64 repository: k8s.gcr.io/defaultbackend-amd64
@ -96,6 +136,7 @@ defaultBackend:
nodeSelector: {} nodeSelector: {}
podAnnotations: {} podAnnotations: {}
podLabels: {} podLabels: {}
priorityClassName: ""
replicaCount: 2 replicaCount: 2
resources: resources:
requests: requests:

29
index.yaml
View File

@ -361,6 +361,33 @@ entries:
- assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz - assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000 version: 0.8.000
haproxy: haproxy:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy
apiVersion: v1
appVersion: 1.5.1
created: "2021-04-13T23:45:40.966157742Z"
description: A Helm chart for HAProxy Kubernetes Ingress Controller
digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046
home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.12.0-0'
maintainers:
- email: mmhedhbi@haproxy.com
name: Moemen Mhedhbi
- email: bassmann@haproxy.com
name: Baptiste Assmann
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
urls:
- assets/haproxy/haproxy-1.12.100.tgz
version: 1.12.100
- annotations: - annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: haproxy catalog.cattle.io/release-name: haproxy
@ -633,4 +660,4 @@ entries:
urls: urls:
- assets/sysdig/sysdig-1.9.200.tgz - assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200 version: 1.9.200
generated: "2021-03-09T00:13:50.360291665Z" generated: "2021-04-13T23:45:40.963701127Z"

4
sha256sum/haproxy/haproxy.sum
View File

@ -1,4 +1,4 @@
147d82b2b2f3880b668883eb0067fcfe5fa008200c141a21852d8378508871e2 packages/haproxy/haproxy.patch 0c2923b56401b95bfd0b80084a9dcc195afb92978179e3f5e4243812e6148ba7 packages/haproxy/haproxy.patch
ef96856c7f2241f1a7e5df4e841ade5c0678f8599c359d8b86736fb3b9ba4b72 packages/haproxy/overlay/app-readme.md ef96856c7f2241f1a7e5df4e841ade5c0678f8599c359d8b86736fb3b9ba4b72 packages/haproxy/overlay/app-readme.md
45a217ebefb053d23ddbd48e7e12ecd8119a8d0e8b31246d521c97740b7d3a78 packages/haproxy/overlay/questions.yml 45a217ebefb053d23ddbd48e7e12ecd8119a8d0e8b31246d521c97740b7d3a78 packages/haproxy/overlay/questions.yml
30f266384f60144b686ad8b4fa52eb6f8cf4d7037f753c47619c8651370bd6a2 packages/haproxy/package.yaml 5c75a8f608f9d22b26ab4849ebec07fdb9cd5663553aaedece920082a6b9332d packages/haproxy/package.yaml