Generated changes

assets/index.yaml

@@ -361,6 +361,33 @@ entries:
     - assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
     version: 0.8.000
   haproxy:
+  - annotations:
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/release-name: haproxy
+    apiVersion: v1
+    appVersion: 1.5.1
+    created: "2021-04-13T23:45:40.966157742Z"
+    description: A Helm chart for HAProxy Kubernetes Ingress Controller
+    digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046
+    home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
+    icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
+    keywords:
+    - ingress
+    - haproxy
+    kubeVersion: '>=1.12.0-0'
+    maintainers:
+    - email: mmhedhbi@haproxy.com
+      name: Moemen Mhedhbi
+    - email: bassmann@haproxy.com
+      name: Baptiste Assmann
+    - email: dkorunic@haproxy.com
+      name: Dinko Korunic
+    name: haproxy
+    sources:
+    - https://github.com/haproxytech/kubernetes-ingress
+    urls:
+    - assets/haproxy/haproxy-1.12.100.tgz
+    version: 1.12.100
   - annotations:
       catalog.cattle.io/certified: partner
       catalog.cattle.io/release-name: haproxy
@@ -633,4 +660,4 @@ entries:
     urls:
     - assets/sysdig/sysdig-1.9.200.tgz
     version: 1.9.200
-generated: "2021-03-09T00:13:50.360291665Z"
+generated: "2021-04-13T23:45:40.963701127Z"

charts/haproxy/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 1.4.6
+appVersion: 1.5.1
 description: A Helm chart for HAProxy Kubernetes Ingress Controller
 home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
 icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
@@ -17,7 +17,7 @@ maintainers:
 name: haproxy
 sources:
 - https://github.com/haproxytech/kubernetes-ingress
-version: 1.4.300
+version: 1.12.100
 annotations:
   catalog.cattle.io/certified: partner
   catalog.cattle.io/release-name: haproxy

charts/haproxy/README.md

@@ -14,8 +14,8 @@ This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [K
 
 ### Prerequisites
 
-  - Kubernetes 1.12+
+- Kubernetes 1.12+
-  - Helm 2.9+
+- Helm 2.9+
 
 ## Before you begin
 
@@ -111,9 +111,9 @@ helm install my-ingress3 haproxytech/kubernetes-ingress \
   --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true"
 ```
 
-***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string. 
+***NOTE***: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string.
 
-### Installing with Horizontal Pod Autoscaler 
+### Installing with Horizontal Pod Autoscaler
 
 [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count. Therefore we want to unset default replicaCount for controller and defaultBackend by setting corresponding key values to null:
 
@@ -123,6 +123,15 @@ helm install my-ingress4 haproxytech/kubernetes-ingress \
   --set defaultBackend.replicaCount=null
 ```
 
+### Installing the ServiceMonitor
+
+If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs.
+
+```console
+helm install my-ingress5 haproxytech/kubernetes-ingress \
+  --set "controller.serviceMonitor.enabled=true"
+```
+
 ### Using values from YAML file
 
 As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm:
@@ -172,7 +181,7 @@ helm upgrade my-release haproxytech/kubernetes-ingress
 To uninstall/delete the *my-release* deployment:
 
 ```console
-helm delete kubernetes-ingress
+helm delete my-release
 ```
 
 ## Debugging

charts/haproxy/ci/daemonset-disableddefaultbackend-values.yaml

@@ -0,0 +1,4 @@
+controller:
+  kind: DaemonSet
+defaultBackend:
+  enabled: false

charts/haproxy/ci/deployment-disableddefaultbackend-values.yaml

@@ -0,0 +1,2 @@
+defaultBackend:
+  enabled: false

charts/haproxy/ci/deployment-hpa-values.yaml

@@ -0,0 +1,14 @@
+controller:
+  kind: Deployment
+  autoscaling:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+
+defaultBackend:
+  autoscaling:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 2
+    targetCPUUtilizationPercentage: 50

charts/haproxy/ci/deployment-psp-values.yaml

@@ -0,0 +1,2 @@
+podSecurityPolicy:
+  enabled: true

charts/haproxy/templates/_helpers.tpl

@@ -46,7 +46,7 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{kubernetes-ingress.publishServicePath{/*
+{{/*
 Encode an imagePullSecret string.
 */}}
 {{- define "kubernetes-ingress.imagePullSecret" }}
@@ -120,4 +120,11 @@ Construct the syslog-server annotation
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create a default fully qualified ServiceMonitor name.
+*/}}
+{{- define "kubernetes-ingress.serviceMonitorName" -}}
+{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/* vim: set filetype=mustache: */}}

charts/haproxy/templates/clusterrole.yaml

@@ -41,21 +41,20 @@ rules:
   - watch
 - apiGroups:
   - "extensions"
+  - "networking.k8s.io"
   resources:
   - ingresses
   - ingresses/status
+  - ingressclasses
   verbs:
   - get
   - list
   - watch
-  - update
 - apiGroups:
-  - "networking.k8s.io/v1beta1"
+  - "extensions"
+  - "networking.k8s.io"
   resources:
-  - ingresses
   - ingresses/status
   verbs:
-  - get
+  - update
-  - list
-  - watch
 {{- end -}}

charts/haproxy/templates/controller-daemonset.yaml

@@ -29,6 +29,9 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{- if .Values.controller.extraLabels }}
+{{ toYaml .Values.controller.extraLabels | indent 4 }}
+    {{- end }}
 spec:
   minReadySeconds: 0
   updateStrategy:
@@ -53,12 +56,21 @@ spec:
       {{- end }}
     spec:
       serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
+      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
       {{- if $useHostNetwork }}
       hostNetwork: true
       {{- end }}
+{{- if .Values.controller.dnsConfig }}
+      dnsConfig:
+{{ toYaml .Values.controller.dnsConfig | indent 8 }}
+{{- end }}
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
 {{- if .Values.controller.imageCredentials.registry }}
       imagePullSecrets:
       - name: {{ template "kubernetes-ingress.fullname" . }}
+{{- end }}
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
 {{- end }}
       containers:
         - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
@@ -67,13 +79,15 @@ spec:
           args:
 {{- if and .Values.controller.defaultTLSSecret.enabled -}}
 {{- if .Values.controller.defaultTLSSecret.secret }}
-          - --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }}
+          - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
 {{- else }}
           - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
 {{- end }}
 {{- end }}
           - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
+{{- if .Values.defaultBackend.enabled }}
           - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+{{- end }}
 {{- if .Values.controller.ingressClass }}
           - --ingress.class={{ .Values.controller.ingressClass }}
 {{- end }}
@@ -86,6 +100,16 @@ spec:
 {{- range .Values.controller.extraArgs }}
           - {{ . }}
 {{- end }}
+          {{- if .Values.controller.unprivileged }}
+          securityContext:
+            runAsUser:  1000
+            runAsGroup: 1000
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          {{- end }}
           ports:
           {{- range $key, $value := .Values.controller.containerPort }}
             - name: {{ $key }}
@@ -123,6 +147,16 @@ spec:
             periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
             timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
+          startupProbe:
+            failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.startupProbe.path }}
+              port: {{ .Values.controller.startupProbe.port }}
+              scheme: {{ .Values.controller.startupProbe.scheme }}
+            initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
           env:
           - name: POD_NAME
             valueFrom:
@@ -132,11 +166,58 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          {{- range .Values.controller.extraEnvs }}
+          - name: "{{ .name }}"
+            value: "{{ .value }}"
+          {{- end }}
           resources:
             {{- toYaml .Values.controller.resources | nindent 12 }}
-      {{- with.Values.controller.initContainers }}
+          {{- if .Values.controller.lifecycle }}
+          lifecycle:
+            {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
+{{ tpl .Values.controller.lifecycle . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.lifecycle | indent 12 }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.controller.extraVolumeMounts }}
+          volumeMounts:
+            {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
+{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
+            {{- end }}
+          {{- end}}
+        {{- if .Values.controller.extraContainers }}
+          {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
+{{ tpl .Values.controller.extraContainers . | indent 8 }}
+          {{- else }}
+{{ toYaml .Values.controller.extraContainers | indent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- if .Values.controller.extraVolumes }}
+      volumes:
+        {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
+{{ tpl .Values.controller.extraVolumes . | indent 8 }}
+        {{- else }}
+{{ toYaml .Values.controller.extraVolumes | indent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
       initContainers:
-        {{- toYaml . | nindent 8 }}
+        {{- if .Values.controller.unprivileged }}
+        - name: sysctl
+          image: busybox:musl
+          command:
+            - /bin/sh
+            - -c
+            - sysctl -w net.ipv4.ip_unprivileged_port_start=0
+          securityContext:
+            privileged: true
+        {{- end }}
+        {{- with.Values.controller.initContainers }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- end }}
       {{- with .Values.controller.nodeSelector }}
       nodeSelector:

charts/haproxy/templates/controller-defaultcertsecret.yaml

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
+{{- if .Values.controller.defaultTLSSecret.enabled }}
 apiVersion: v1
 kind: Secret
 type: kubernetes.io/tls
@@ -31,3 +32,4 @@ metadata:
     "helm.sh/hook-delete-policy": "before-hook-creation"
 data:
 {{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }}
+{{- end }}

charts/haproxy/templates/controller-deployment.yaml

@@ -26,8 +26,11 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{- if .Values.controller.extraLabels }}
+{{ toYaml .Values.controller.extraLabels | indent 4 }}
+    {{- end }}
 spec:
-  {{- if not ( kindIs "invalid" .Values.controller.replicaCount) }}
+  {{- if not .Values.controller.autoscaling.enabled }}
   replicas: {{ .Values.controller.replicaCount }}
   {{- end }}
   selector:
@@ -52,9 +55,18 @@ spec:
       {{- end }}
     spec:
       serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
+      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
+{{- if .Values.controller.dnsConfig }}
+      dnsConfig:
+{{ toYaml .Values.controller.dnsConfig | indent 8 }}
+{{- end }}
+      dnsPolicy: {{ .Values.controller.dnsPolicy }}
 {{- if .Values.controller.imageCredentials.registry }}
       imagePullSecrets:
       - name: {{ template "kubernetes-ingress.fullname" . }}
+{{- end }}
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
 {{- end }}
       containers:
         - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
@@ -62,12 +74,14 @@ spec:
           imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
           args:
 {{- if .Values.controller.defaultTLSSecret.secret }}
-          - --default-ssl-certificate={{ .Values.controller.defaultTLSSecret.secret }}
+          - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
 {{- else }}
           - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
 {{- end }}
           - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
+{{- if .Values.defaultBackend.enabled }}
           - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+{{- end }}
 {{- if .Values.controller.ingressClass }}
           - --ingress.class={{ .Values.controller.ingressClass }}
 {{- end }}
@@ -80,6 +94,16 @@ spec:
 {{- range .Values.controller.extraArgs }}
           - {{ . }}
 {{- end }}
+          {{- if .Values.controller.unprivileged }}
+          securityContext:
+            runAsUser:  1000
+            runAsGroup: 1000
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          {{- end }}
           ports:
           {{- range $key, $value := .Values.controller.containerPort }}
             - name: {{ $key }}
@@ -88,7 +112,7 @@ spec:
           {{- end }}
           {{- range .Values.controller.service.tcpPorts }}
             - name: {{ .name }}-tcp
-              containerPort: {{ .port }}
+              containerPort: {{ .targetPort }}
               protocol: TCP
           {{- end }}
           livenessProbe:
@@ -111,6 +135,16 @@ spec:
             periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
             timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
+          startupProbe:
+            failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
+            httpGet:
+              path: {{ .Values.controller.startupProbe.path }}
+              port: {{ .Values.controller.startupProbe.port }}
+              scheme: {{ .Values.controller.startupProbe.scheme }}
+            initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
+            successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
           env:
           - name: POD_NAME
             valueFrom:
@@ -120,11 +154,58 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          {{- range .Values.controller.extraEnvs }}
+          - name: {{ .name }}
+            value: {{ .value }}
+          {{- end }}
           resources:
             {{- toYaml .Values.controller.resources | nindent 12 }}
-      {{- with.Values.controller.initContainers }}
+          {{- if .Values.controller.lifecycle }}
+          lifecycle:
+            {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
+{{ tpl .Values.controller.lifecycle . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.lifecycle | indent 12 }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.controller.extraVolumeMounts }}
+          volumeMounts:
+            {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
+{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
+            {{- else }}
+{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
+            {{- end }}
+          {{- end}}
+        {{- if .Values.controller.extraContainers }}
+          {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
+{{ tpl .Values.controller.extraContainers . | indent 8 }}
+          {{- else }}
+{{ toYaml .Values.controller.extraContainers | indent 8 }}
+          {{- end }}
+        {{- end }}
+      {{- if .Values.controller.extraVolumes }}
+      volumes:
+        {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
+{{ tpl .Values.controller.extraVolumes . | indent 8 }}
+        {{- else }}
+{{ toYaml .Values.controller.extraVolumes | indent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
       initContainers:
-        {{- toYaml . | nindent 8 }}
+        {{- if .Values.controller.unprivileged }}
+        - name: sysctl
+          image: busybox:musl
+          command:
+            - /bin/sh
+            - -c
+            - sysctl -w net.ipv4.ip_unprivileged_port_start=0
+          securityContext:
+            privileged: true
+        {{- end }}
+        {{- with.Values.controller.initContainers }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- end }}
       {{- with .Values.controller.nodeSelector }}
       nodeSelector:

charts/haproxy/templates/controller-hpa.yaml

@@ -0,0 +1,49 @@
+{{/*
+Copyright 2020 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "kubernetes-ingress.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "kubernetes-ingress.fullname" . }}
+  minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+{{- end }}

charts/haproxy/templates/controller-podsecuritypolicy.yaml

@@ -32,16 +32,21 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
   name: {{ template "kubernetes-ingress.fullname" . }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
 spec:
   allowPrivilegeEscalation: false
   allowedCapabilities:
-  - NET_BIND_SERVICE
+    - NET_BIND_SERVICE
   defaultAllowPrivilegeEscalation: false
   fsGroup:
-    ranges:
-    - max: 65535
-      min: 1
     rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
 {{- if $useHostNetwork }}
   hostNetwork: true
 {{- end }}
@@ -64,12 +69,12 @@ spec:
   seLinux:
     rule: RunAsAny
   supplementalGroups:
-    ranges:
-    - max: 65535
-      min: 1
     rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
   volumes:
-  - configMap
+    - configMap
-  - downwardAPI
+    - downwardAPI
-  - secret
+    - secret
 {{- end }}

charts/haproxy/templates/controller-service.yaml

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
+{{- if .Values.controller.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -97,4 +98,4 @@ spec:
 {{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
 {{- end }}
 {{- end }}
-
+{{- end }}

charts/haproxy/templates/controller-servicemonitor.yaml

@@ -0,0 +1,41 @@
+{{/*
+Copyright 2019 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.controller.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "kubernetes-ingress.serviceMonitorName" . }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    {{- if .Values.controller.serviceMonitor.extraLabels }}
+    {{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    {{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/haproxy/templates/default-backend-deployment.yaml

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
+{{- if .Values.defaultBackend.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -26,7 +27,7 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
 spec:
-  {{- if not (kindIs "invalid" .Values.defaultBackend.replicaCount) }}
+  {{- if not .Values.defaultBackend.autoscaling.enabled }}
   replicas: {{ .Values.defaultBackend.replicaCount }}
   {{- end }}
   selector:
@@ -46,6 +47,9 @@ spec:
 {{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
       {{- end }}
     spec:
+{{- if .Values.controller.priorityClassName }}
+      priorityClassName: {{ .Values.controller.priorityClassName }}
+{{- end }}
       containers:
         - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }}
           image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
@@ -54,6 +58,13 @@ spec:
             - name: http
               containerPort: {{ .Values.defaultBackend.containerPort }}
               protocol: TCP
+          {{- if .Values.defaultBackend.extraEnvs }}
+          env:
+          {{- range .Values.defaultBackend.extraEnvs }}
+          - name: "{{ .name }}"
+            value: "{{ .value }}"
+          {{- end }}
+          {{- end }}
           resources:
             {{- toYaml .Values.defaultBackend.resources | nindent 12 }}
       {{- with .Values.defaultBackend.nodeSelector }}
@@ -65,7 +76,9 @@ spec:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
+      terminationGracePeriodSeconds: 60
     {{- with .Values.defaultBackend.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+{{- end }}

charts/haproxy/templates/default-backend-hpa.yaml

@@ -0,0 +1,49 @@
+{{/*
+Copyright 2020 HAProxy Technologies LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
+    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+{{- end }}

charts/haproxy/templates/default-backend-podsecuritypolicy.yaml

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
@@ -29,16 +29,21 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
   name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'runtime/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
 spec:
   allowPrivilegeEscalation: false
   allowedCapabilities:
-  - NET_BIND_SERVICE
+    - NET_BIND_SERVICE
   defaultAllowPrivilegeEscalation: false
   fsGroup:
-    ranges:
-    - max: 65535
-      min: 1
     rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
   hostNetwork: false
   hostIPC: false
   hostPID: false
@@ -48,12 +53,12 @@ spec:
   seLinux:
     rule: RunAsAny
   supplementalGroups:
-    ranges:
-    - max: 65535
-      min: 1
     rule: MustRunAs
+    ranges:
+      - max: 65535
+        min: 1
   volumes:
-  - configMap
+    - configMap
-  - downwardAPI
+    - downwardAPI
-  - secret
+    - secret
 {{- end }}

charts/haproxy/templates/default-backend-role.yaml

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:

charts/haproxy/templates/default-backend-rolebinding.yaml

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:

charts/haproxy/templates/default-backend-service.yaml

@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
+{{- if .Values.defaultBackend.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -27,7 +28,7 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
 spec:
   type: ClusterIP
-  clusterIP: None 
+  clusterIP: None
   ports:
     - name: http
       port: {{ .Values.defaultBackend.service.port }}
@@ -36,3 +37,4 @@ spec:
   selector:
     app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/haproxy/templates/default-backend-serviceaccount.yaml

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}}
+{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/haproxy/values.yaml

@@ -1,5 +1,10 @@
 controller:
   affinity: {}
+  autoscaling:
+    enabled: false
+    maxReplicas: 20
+    minReplicas: 2
+    targetCPUUtilizationPercentage: 80
   config: {}
   containerPort:
     http: 80
@@ -15,7 +20,14 @@ controller:
   defaultTLSSecret:
     enabled: true
     secret: null
+  dnsConfig: {}
+  dnsPolicy: ClusterFirst
   extraArgs: []
+  extraContainers: []
+  extraEnvs: []
+  extraLabels: {}
+  extraVolumeMounts: []
+  extraVolumes: []
   image:
     pullPolicy: IfNotPresent
     repository: haproxytech/kubernetes-ingress
@@ -27,6 +39,7 @@ controller:
   ingressClass: null
   initContainers: []
   kind: Deployment
+  lifecycle: {}
   livenessProbe:
     failureThreshold: 3
     initialDelaySeconds: 0
@@ -43,6 +56,7 @@ controller:
   nodeSelector: {}
   podAnnotations: {}
   podLabels: {}
+  priorityClassName: ""
   publishService:
     enabled: false
     pathOverride: ""
@@ -66,6 +80,7 @@ controller:
       http: true
       https: true
       stat: true
+    enabled: true
     externalIPs: []
     healthCheckNodePort: 0
     labels: {}
@@ -82,11 +97,36 @@ controller:
       stat: stat
     tcpPorts: []
     type: NodePort
+  serviceMonitor:
+    enabled: false
+    endpoints:
+    - path: /metrics
+      port: stat
+      scheme: http
+    extraLabels: {}
+  startupProbe:
+    failureThreshold: 20
+    initialDelaySeconds: 0
+    path: /healthz
+    periodSeconds: 1
+    port: 1042
+    scheme: HTTP
+    successThreshold: 1
+    timeoutSeconds: 1
   strategy: {}
+  terminationGracePeriodSeconds: 60
   tolerations: []
+  unprivileged: false
 defaultBackend:
   affinity: {}
+  autoscaling:
+    enabled: false
+    maxReplicas: 2
+    minReplicas: 1
+    targetCPUUtilizationPercentage: 80
   containerPort: 8080
+  enabled: true
+  extraEnvs: []
   image:
     pullPolicy: IfNotPresent
     repository: k8s.gcr.io/defaultbackend-amd64
@@ -96,6 +136,7 @@ defaultBackend:
   nodeSelector: {}
   podAnnotations: {}
   podLabels: {}
+  priorityClassName: ""
   replicaCount: 2
   resources:
     requests:

index.yaml

@@ -361,6 +361,33 @@ entries:
     - assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
     version: 0.8.000
   haproxy:
+  - annotations:
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/release-name: haproxy
+    apiVersion: v1
+    appVersion: 1.5.1
+    created: "2021-04-13T23:45:40.966157742Z"
+    description: A Helm chart for HAProxy Kubernetes Ingress Controller
+    digest: 29aa101f4851cac5b94d2de40c961d0f24c90bb361c0bf1bc17d3244ddf92046
+    home: https://github.com/haproxytech/helm-charts/tree/master/kubernetes-ingress
+    icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
+    keywords:
+    - ingress
+    - haproxy
+    kubeVersion: '>=1.12.0-0'
+    maintainers:
+    - email: mmhedhbi@haproxy.com
+      name: Moemen Mhedhbi
+    - email: bassmann@haproxy.com
+      name: Baptiste Assmann
+    - email: dkorunic@haproxy.com
+      name: Dinko Korunic
+    name: haproxy
+    sources:
+    - https://github.com/haproxytech/kubernetes-ingress
+    urls:
+    - assets/haproxy/haproxy-1.12.100.tgz
+    version: 1.12.100
   - annotations:
       catalog.cattle.io/certified: partner
       catalog.cattle.io/release-name: haproxy
@@ -633,4 +660,4 @@ entries:
     urls:
     - assets/sysdig/sysdig-1.9.200.tgz
     version: 1.9.200
-generated: "2021-03-09T00:13:50.360291665Z"
+generated: "2021-04-13T23:45:40.963701127Z"

sha256sum/haproxy/haproxy.sum

@@ -1,4 +1,4 @@
-147d82b2b2f3880b668883eb0067fcfe5fa008200c141a21852d8378508871e2  packages/haproxy/haproxy.patch
+0c2923b56401b95bfd0b80084a9dcc195afb92978179e3f5e4243812e6148ba7  packages/haproxy/haproxy.patch
 ef96856c7f2241f1a7e5df4e841ade5c0678f8599c359d8b86736fb3b9ba4b72  packages/haproxy/overlay/app-readme.md
 45a217ebefb053d23ddbd48e7e12ecd8119a8d0e8b31246d521c97740b7d3a78  packages/haproxy/overlay/questions.yml
-30f266384f60144b686ad8b4fa52eb6f8cf4d7037f753c47619c8651370bd6a2  packages/haproxy/package.yaml
+5c75a8f608f9d22b26ab4849ebec07fdb9cd5663553aaedece920082a6b9332d  packages/haproxy/package.yaml