Chart build for HAProxy 1.17.10

pull/275/head
Andrew Heberle 2021-12-01 06:05:50 +00:00
parent 476a519aa8
commit 811074bd17
65 changed files with 4609 additions and 0 deletions

Binary file not shown.

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

@ -0,0 +1,25 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/release-name: haproxy
apiVersion: v2
appVersion: 1.7.2
description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.17.0-0'
maintainers:
- email: mmhedhbi@haproxy.com
name: Moemen Mhedhbi
- email: bassmann@haproxy.com
name: Baptiste Assmann
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
type: application
version: 1.17.1000
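
Review bot: `version: 1.17.1000` does not match the 1.17.10 named in the commit title, and `appVersion: 1.7.2` is a third, unrelated number. If 1.17.1000 follows a packaging convention of this repository, state that in the commit message; otherwise set it to the chart version being imported. `kubeVersion: '>=1.17.0-0'` also disagrees with the "Kubernetes 1.12+" prerequisite in the README added by this same commit.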

@ -0,0 +1,274 @@
# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy")
## HAProxy Kubernetes Ingress Controller
An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration.
Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/kubernetes/latest/).
Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md).
## Introduction
This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
### Prerequisites
- Kubernetes 1.12+
- Helm 2.9+
## Before you begin
### Setting up a Kubernetes Cluster
The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides.
For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/).
### Install Helm
Get the latest [Helm release](https://github.com/helm/helm#install).
### Adding Helm chart repo
Once you have Helm installed, add the repo as follows:
```console
helm repo add haproxytech https://haproxytech.github.io/helm-charts
helm repo update
```
## Installing the chart
To install the chart with Helm v3 as _my-release_ deployment:
```console
helm install my-release haproxytech/kubernetes-ingress
```
**_NOTE_**: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter:
```console
helm install haproxytech/kubernetes-ingress \
--name my-release
```
By default Helm chart will install several [custom resource definitions](https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress/crds) in the cluster if they are missing.
### Installing with unique name
To auto-generate controller and its resources names when installing, use the following:
```console
helm install haproxytech/kubernetes-ingress \
--generate-name
```
### Installing from a private registry
To install the chart using a private registry for controller into a separate namespace _prod_.
**_NOTE_**: Helm v3 requires namespace to be precreated (eg. with `kubectl create namespace prod`)
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--namespace prod \
--set controller.image.tag=SOMETAG \
--set controller.imageCredentials.registry=myregistry.domain.com \
--set controller.imageCredentials.username=MYUSERNAME \
--set controller.imageCredentials.password=MYPASSWORD
```
Alternatively, use a pre-configured (existing) imagePullSecret in the same namespace:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--namespace prod \
--set controller.image.tag=SOMETAG \
--set controller.existingImagePullSecret name-of-existing-image-pull-secret
```
### Using values from YAML file
As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm:
_mylb.yaml_:
```yaml
controller:
kind: DaemonSet
ingressClass: haproxy
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
```
And invoking Helm becomes (compare to the previous example):
```console
helm install my-ingress -f mylb.yml haproxytech/kubernetes-ingress
```
A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) :
```yaml
controller:
service:
tcpPorts:
- name: mysql
port: 3306
targetPort: 3306
extraArgs:
- --configmap-tcp-services=default/tcp
```
### Installing as DaemonSet
Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet
```
### Installing in multi-ingress environment
It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers):
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet \
--set controller.ingressClass=haproxy
```
**_NOTE_**: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation.
### Installing with service annotations
On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet \
--set controller.ingressClass=haproxy \
--set controller.service.type=LoadBalancer \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true"
```
**_NOTE_**: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string.
### Installing with Horizontal Pod Autoscaler (HPA)
[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count for the controller:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.autoscaling.enabled=true
```
### Installing the ServiceMonitor
If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs.
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.serviceMonitor.enabled=true
```
### Installing with Kubernetes Event-driven Autoscaling (KEDA)
[KEDA](https://keda.sh/docs/2.3/concepts/scaling-deployments/) is an improved scaling solution built on top of HPA which allows autoscaling criteria based on information from any event source including Prometheus metrics collected from HAProxy native Prometheus Exporter.
To enable KEDA, you will also need to install Prometheus Operator and ServiceMonitor enabled (serverAddress has to match `prometheus-kube-prometheus-prometheus` service IP):
_mykeda.yaml_:
```yaml
controller:
kind: Deployment
serviceMonitor:
enabled: true
keda:
enabled: true
minReplicas: 1
maxReplicas: 5
triggers:
- type: prometheus
metadata:
serverAddress: http://10.96.206.247:9090
metricName: haproxy_frontend_current_sessions
threshold: "100"
query: sum(rate(haproxy_frontend_current_sessions{proxy="http"}[2m]))
```
Note: Other options to trigger scaling can be found in Prometheus [native exporter documentation](https://github.com/haproxy/haproxy/blob/master/addons/promex/README), but some ideas are:
- `haproxy_process_idle_time_percent`
- `haproxy_frontend_current_sessions`
- `haproxy_backend_current_queue`
And to install:
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add kedacore https://kedacore.github.io/charts
helm repo update
helm install prometheus prometheus-community/kube-prometheus-stack \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
kubectl create namespace keda
helm install keda kedacore/keda --namespace keda
helm install mytest haproxytech/kubernetes-ingress -f mykeda.yaml
```
## Upgrading the chart
To upgrade the _my-release_ deployment:
```console
helm upgrade my-release haproxytech/kubernetes-ingress
```
By default Helm [does not upgrade](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) CRDs during an upgrade, so before doing an upgrade it is mandatory to upgrade CRDs to the latest version by hand **before** doing a Helm chart upgrade.
```console
kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/crds/core.haproxy.org_defaults.yaml
kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/crds/core.haproxy.org_globals.yaml
kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/crds/core.haproxy.org_backends.yaml
```
## Uninstalling the chart
To uninstall/delete the _my-release_ deployment:
```console
helm delete my-release
```
## Debugging
It is possible to generate a set of YAML files for testing/debugging:
```console
helm install my-release haproxytech/kubernetes-ingress \
--debug \
--dry-run
```
## Contributing
We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution.
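
Review bot: in "Installing from a private registry", the second example passes `--set controller.existingImagePullSecret name-of-existing-image-pull-secret` with no `=`, so the secret name is parsed as a separate argument instead of the value; it should read `--set controller.existingImagePullSecret=name-of-existing-image-pull-secret`. The first example in that section puts `controller.imageCredentials.password=MYPASSWORD` on the command line, where it ends up in shell history and the process list; present the existing-secret form or a values file first. Smaller points: `-f mylb.yml` does not match the file name `mylb.yaml` given above it, the upgrade section applies CRDs from the `main` branch rather than a ref that matches the chart version being installed, and "Kubernetes 1.12+" disagrees with `kubeVersion: '>=1.17.0-0'` in the chart metadata.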

@ -0,0 +1,8 @@
# HAProxy
[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment.
# HAProxy Enterprise
[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code.
## Introduction
This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager.

Binary file not shown.

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
config:
rate-limit: "ON"

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
service:
type: NodePort
ports:
8000: 10000
8001: 10001

@ -0,0 +1,2 @@
controller:
kind: DaemonSet

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultBackend:
enabled: false

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultTLSSecret:
enabled: false

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
service:
enablePorts:
http: false
https: true
stat: false

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
extraArgs:
- --namespace-whitelist=default

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
extraEnvs:
- name: TEST_STR1
value: foo
- name: TEST_STR2
value: baz

@ -0,0 +1,8 @@
controller:
kind: DaemonSet
daemonset:
useHostPort: true
hostPorts:
http: 80
https: 443
stat: 1024
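
Review bot: `stat: 1024` under `hostPorts`, combined with `useHostPort: true`, binds the `stat` port on every node's host network alongside 80 and 443. If this values file is only a CI fixture, add a comment saying so to keep it from being copied as a deployment example; otherwise drop `stat` from `hostPorts`.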

@ -0,0 +1,6 @@
controller:
kind: DaemonSet
ingressClass: haproxy
ingressClassResource:
enabled: true
default: true

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
service:
type: NodePort

@ -0,0 +1,5 @@
controller:
kind: DaemonSet
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

@ -0,0 +1,5 @@
controller:
kind: DaemonSet
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
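
Review bot: this values file has the same five lines as the one directly before it (`kind: DaemonSet` plus the `aws-load-balancer-internal` service annotation), so the two cover the same case. If the second was meant to exercise a different setting, the difference is missing; if not, one of them can be dropped.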

@ -0,0 +1,3 @@
controller:
config:
rate-limit: "ON"

@ -0,0 +1,6 @@
controller:
service:
type: NodePort
ports:
8000: 10000
8001: 10001

@ -0,0 +1,2 @@
defaultBackend:
enabled: false

@ -0,0 +1,3 @@
controller:
defaultTLSSecret:
enabled: false

@ -0,0 +1,6 @@
controller:
service:
enablePorts:
http: false
https: true
stat: false

@ -0,0 +1,3 @@
controller:
extraArgs:
- --namespace-whitelist=default

@ -0,0 +1,6 @@
controller:
extraEnvs:
- name: TEST_STR1
value: foo
- name: TEST_STR2
value: baz

@ -0,0 +1,14 @@
controller:
kind: Deployment
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
defaultBackend:
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 50

@ -0,0 +1,5 @@
controller:
ingressClass: haproxy
ingressClassResource:
enabled: true
default: true

@ -0,0 +1,3 @@
controller:
service:
type: NodePort

@ -0,0 +1,2 @@
podSecurityPolicy:
enabled: true
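
Review bot: `podSecurityPolicy.enabled: true` exercises a resource type that Kubernetes deprecated in 1.21 and removed in 1.25, while the chart metadata in this commit sets `kubeVersion: '>=1.17.0-0'` with no upper bound. Confirm the template is guarded by an API capability check, or note in the README that this value must stay off on clusters without the PodSecurityPolicy API.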

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
publishService:
enabled: true

@ -0,0 +1,5 @@
controller:
replicaCount: null
defaultBackend:
replicaCount: null

@ -0,0 +1,717 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: backends.core.haproxy.org
spec:
group: core.haproxy.org
names:
kind: Backend
plural: backends
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
config:
title: Backend
description: HAProxy backend configuration
type: object
properties:
name:
type: string
pattern: ^[A-Za-z0-9-_.:]+$
balance:
type: object
required:
- algorithm
properties:
algorithm:
type: string
enum:
- roundrobin
- static-rr
- leastconn
- first
- source
- uri
- url_param
- hdr
- random
- rdp-cookie
uri_whole:
type: boolean
uri_len:
type: integer
uri_depth:
type: integer
url_param:
type: string
pattern: ^[^\s]+$
url_param_check_post:
type: integer
url_param_max_wait:
type: integer
hdr_name:
type: string
hdr_use_domain_only:
type: boolean
random_draws:
type: integer
rdp_cookie_name:
type: string
pattern: ^[^\s]+$
uri_path_only:
type: boolean
hash_type:
type: object
properties:
method:
type: string
enum:
- map-based
- consistent
function:
type: string
enum:
- sdbm
- djb2
- wt6
- crc32
modifier:
type: string
enum:
- avalanche
http-check:
type: object
required:
- type
properties:
type:
type: string
enum:
- disable-on-404
- expect
- send-state
exclamation_mark:
type: boolean
match:
type: string
enum:
- status
- rstatus
- string
- rstring
pattern: ^[^\s]+$
pattern:
type: string
bind_process:
type: string
pattern: ^[^\s]+$
mode:
type: string
enum:
- http
- tcp
allbackups:
type: string
enum:
- enabled
- disabled
http-buffer-request:
type: string
enum:
- enabled
- disabled
log_tag:
type: string
pattern: ^[^\s]+$
http_connection_mode:
type: string
enum:
- httpclose
- http-server-close
- http-keep-alive
http_pretend_keepalive:
type: string
enum:
- enabled
- disabled
abortonclose:
type: string
enum:
- enabled
- disabled
forwardfor:
type: object
required:
- enabled
properties:
enabled:
type: string
enum:
- enabled
except:
type: string
pattern: ^[^\s]+$
header:
type: string
pattern: ^[^\s]+$
ifnone:
type: boolean
cookie:
type: object
required:
- name
properties:
name:
type: string
pattern: ^[^\s]+$
type:
type: string
enum:
- rewrite
- insert
- prefix
indirect:
type: boolean
nocache:
type: boolean
postonly:
type: boolean
preserve:
type: boolean
httponly:
type: boolean
secure:
type: boolean
domain:
type: array
items:
type: object
properties:
value:
type: string
pattern: ^[^\s]+$
maxidle:
type: integer
maxlife:
type: integer
dynamic:
type: boolean
default_server:
title: Default Server
type: object
properties:
init-addr:
pattern: ^[^\s]+$
type: string
inter:
type: integer
nullable: true
fastinter:
type: integer
nullable: true
downinter:
type: integer
nullable: true
rise:
type: integer
nullable: true
fall:
type: integer
nullable: true
check-sni:
type: string
pattern: ^[^\s]+$
slowstart:
type: integer
nullable: true
sni:
type: string
pattern: ^[^\s]+$
check-ssl:
type: string
enum:
- enabled
- disabled
check-send-proxy:
type: string
enum:
- enabled
- disabled
ca_file:
type: string
enabled:
type: string
enum:
- enabled
- disabled
disabled:
type: string
enum:
- enabled
- disabled
port:
type: integer
minimum: 1
maximum: 65535
nullable: true
resolvers:
type: string
pattern: ^[^\s]+$
resolve-prefer:
type: string
enum:
- ipv4
- ipv6
pattern: ^[^\s]+$
resolve-net:
type: string
pattern: ^[^\s]+$
name:
type: string
pattern: ^[^\s]+$
address:
type: string
pattern: ^[^\s]+$
health_check_port:
type: integer
nullable: true
minimum: 1
maximum: 65535
ssl_certificate:
type: string
pattern: ^[^\s]+$
agent-check:
type: string
enum:
- enabled
- disabled
agent-send:
type: string
agent-inter:
type: integer
nullable: true
agent-addr:
type: string
pattern: ^[^\s]+$
agent-port:
type: integer
nullable: true
minimum: 1
maximum: 65535
allow_0rtt:
type: boolean
alpn:
type: string
pattern: ^[^\s]+$
backup:
type: string
enum:
- enabled
- disabled
check:
type: string
enum:
- enabled
- disabled
check_alpn:
type: string
pattern: ^[^\s]+$
check_proto:
type: string
pattern: ^[^\s]+$
check_via_socks4:
type: string
enum:
- enabled
- disabled
ciphers:
type: string
ciphersuites:
type: string
cookie:
type: string
pattern: ^[^\s]+$
crl_file:
type: string
error_limit:
type: integer
force_sslv3:
type: string
enum:
- enabled
- disabled
force_tlsv10:
type: string
enum:
- enabled
- disabled
force_tlsv11:
type: string
enum:
- enabled
- disabled
force_tlsv12:
type: string
enum:
- enabled
- disabled
force_tlsv13:
type: string
enum:
- enabled
- disabled
log_proto:
type: string
enum:
- legacy
- octet-count
maxconn:
type: integer
nullable: true
maxqueue:
type: integer
nullable: true
max_reuse:
type: integer
nullable: true
minconn:
type: integer
nullable: true
namespace:
type: string
no_sslv3:
type: string
enum:
- enabled
- disabled
no_tlsv10:
type: string
enum:
- enabled
- disabled
no_tlsv11:
type: string
enum:
- enabled
- disabled
no_tlsv12:
type: string
enum:
- enabled
- disabled
no_tlsv13:
type: string
enum:
- enabled
- disabled
no_verifyhost:
type: string
enum:
- enabled
- disabled
npn:
type: string
observe:
type: string
enum:
- layer4
- layer7
on-error:
type: string
enum:
- fastinter
- fail-check
- sudden-death
- mark-down
on-marked-down:
type: string
enum:
- shutdown-sessions
on-marked-up:
type: string
enum:
- shutdown-backup-sessions
pool_low_conn:
type: integer
nullable: true
pool_max_conn:
type: integer
nullable: true
pool_purge_delay:
type: integer
nullable: true
proto:
type: string
pattern: ^[^\s]+$
redir:
type: string
resolve_opts:
type: string
pattern: ^[^,\s][^\,]*[^,\s]*$
send-proxy:
type: string
enum:
- enabled
- disabled
send-proxy-v2:
type: string
enum:
- enabled
- disabled
proxy-v2-options:
type: array
items:
type: string
enum:
- ssl
- cert-cn
- ssl-cipher
- cert-sig
- cert-key
- authority
- crc32c
- unique-id
send_proxy_v2_ssl:
type: string
enum:
- enabled
- disabled
send_proxy_v2_ssl_cn:
type: string
enum:
- enabled
- disabled
source:
type: string
ssl:
type: string
enum:
- enabled
- disabled
ssl_max_ver:
type: string
enum:
- SSLv3
- TLSv1.0
- TLSv1.1
- TLSv1.2
- TLSv1.3
ssl_min_ver:
type: string
enum:
- SSLv3
- TLSv1.0
- TLSv1.1
- TLSv1.2
- TLSv1.3
ssl_reuse:
type: string
enum:
- enabled
- disabled
stick:
type: string
enum:
- enabled
- disabled
socks4:
type: string
pattern: ^[^\s]+$
tcp_ut:
type: integer
tfo:
type: string
enum:
- enabled
- disabled
track:
type: string
tls_tickets:
type: string
enum:
- enabled
- disabled
verify:
type: string
enum:
- none
- required
verifyhost:
type: string
weight:
type: integer
nullable: true
check_timeout:
type: integer
nullable: true
adv_check:
type: string
enum:
- ssl-hello-chk
- smtpchk
- ldap-check
- mysql-check
- pgsql-check
- tcp-check
- redis-check
- httpchk
smtpchk_params:
type: object
properties:
hello:
type: string
domain:
type: string
mysql_check_params:
type: object
properties:
username:
type: string
client_version:
type: string
enum:
- pre-41
- post-41
pgsql_check_params:
type: object
properties:
username:
type: string
external_check:
type: string
enum:
- enabled
- disabled
external_check_path:
type: string
pattern: ^[^\s]+$
external_check_command:
type: string
pattern: ^[^\s]+$
queue_timeout:
type: integer
nullable: true
connect_timeout:
type: integer
nullable: true
http_request_timeout:
type: integer
nullable: true
http_keep_alive_timeout:
type: integer
nullable: true
retries:
type: integer
nullable: true
redispatch:
type: object
required:
- enabled
properties:
enabled:
type: string
enum:
- enabled
- disabled
interval:
type: integer
server_timeout:
type: integer
nullable: true
tunnel_timeout:
type: integer
nullable: true
httpchk_params:
type: object
properties:
method:
type: string
enum:
- HEAD
- PUT
- POST
- GET
- TRACE
- PATCH
uri:
type: string
pattern: ^[^ ]*$
version:
type: string
http_reuse:
type: string
enum:
- aggressive
- always
- never
- safe
stick_table:
type: object
properties:
type:
type: string
enum:
- ip
- ipv6
- integer
- string
- binary
keylen:
type: integer
nullable: true
size:
type: integer
nullable: true
expire:
type: integer
nullable: true
nopurge:
type: boolean
peers:
type: string
pattern: ^[^\s]+$
store:
type: string
pattern: ^[^\s]+$
http-use-htx:
type: string
enum:
- enabled
- disabled
pattern: ^[^\s]+$
stats_options:
type: object
properties:
stats_enable:
type: boolean
stats_hide_version:
type: boolean
stats_maxconn:
type: integer
minimum: 1
stats_refresh_delay:
type: integer
nullable: true
stats_show_desc:
type: string
nullable: true
stats_show_legends:
type: boolean
stats_show_node_name:
type: string
pattern: ^[^\s]+$
nullable: true
stats_uri_prefix:
type: string
pattern: ^[^\s]+$
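
Review bot: `external_check_command` and `external_check_path` are validated only by `^[^\s]+$`, and the CRD is `scope: Namespaced`, so as far as schema validation goes, anyone allowed to create a Backend in a namespace can name an arbitrary program path for HAProxy's external health check. Document the RBAC expected for `backends.core.haproxy.org`, or tighten these patterns to the paths the controller image actually ships. Separately, `spec` here has no `required: [config]`, unlike the Defaults CRD in this commit, so an empty `spec` validates.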

@ -0,0 +1,742 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: defaults.core.haproxy.org
spec:
group: core.haproxy.org
names:
kind: Defaults
plural: defaults
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
required:
- config
properties:
config:
title: Defaults
description: HAProxy defaults configuration
type: object
properties:
mode:
type: string
enum:
- tcp
- http
balance:
type: object
required:
- algorithm
properties:
algorithm:
type: string
enum:
- roundrobin
- static-rr
- leastconn
- first
- source
- uri
- url_param
- hdr
- random
- rdp-cookie
uri_whole:
type: boolean
uri_len:
type: integer
uri_depth:
type: integer
url_param:
type: string
pattern: ^[^\s]+$
url_param_check_post:
type: integer
url_param_max_wait:
type: integer
hdr_name:
type: string
hdr_use_domain_only:
type: boolean
random_draws:
type: integer
rdp_cookie_name:
type: string
pattern: ^[^\s]+$
uri_path_only:
type: boolean
maxconn:
type: integer
nullable: true
adv_check:
type: string
enum:
- ssl-hello-chk
- smtpchk
- ldap-check
- mysql-check
- pgsql-check
- tcp-check
- redis-check
- httpchk
smtpchk_params:
type: object
properties:
hello:
type: string
domain:
type: string
mysql_check_params:
type: object
properties:
username:
type: string
client_version:
type: string
enum:
- pre-41
- post-41
pgsql_check_params:
type: object
properties:
username:
type: string
httpchk_params:
type: object
properties:
method:
type: string
enum:
- HEAD
- PUT
- POST
- GET
- TRACE
- PATCH
uri:
type: string
pattern: ^[^ ]*$
version:
type: string
http-check:
type: object
required:
- type
properties:
type:
type: string
enum:
- disable-on-404
- expect
- send-state
exclamation_mark:
type: boolean
match:
type: string
enum:
- status
- rstatus
- string
- rstring
pattern: ^[^\s]+$
pattern:
type: string
bind_process:
type: string
pattern: ^[^\s]+$
http_connection_mode:
type: string
enum:
- httpclose
- http-server-close
- http-keep-alive
http_pretend_keepalive:
type: string
enum:
- enabled
- disabled
abortonclose:
type: string
enum:
- enabled
- disabled
http-use-htx:
type: string
enum:
- enabled
- disabled
dontlognull:
type: string
enum:
- enabled
- disabled
http-buffer-request:
type: string
enum:
- enabled
- disabled
httplog:
type: boolean
clflog:
type: boolean
tcplog:
type: boolean
log_format:
type: string
log_format_sd:
type: string
log_tag:
type: string
pattern: ^[^\s]+$
log_separate_errors:
type: string
enum:
- enabled
- disabled
clitcpka:
type: string
enum:
- enabled
- disabled
forwardfor:
type: object
required:
- enabled
properties:
enabled:
type: string
enum:
- enabled
except:
type: string
pattern: ^[^\s]+$
header:
type: string
pattern: ^[^\s]+$
ifnone:
type: boolean
check_timeout:
type: integer
nullable: true
connect_timeout:
type: integer
nullable: true
contstats:
type: string
enum:
- enabled
cookie:
type: object
required:
- name
properties:
name:
type: string
pattern: ^[^\s]+$
type:
type: string
enum:
- rewrite
- insert
- prefix
indirect:
type: boolean
nocache:
type: boolean
postonly:
type: boolean
preserve:
type: boolean
httponly:
type: boolean
secure:
type: boolean
domain:
type: array
items:
type: object
properties:
value:
type: string
pattern: ^[^\s]+$
maxidle:
type: integer
maxlife:
type: integer
dynamic:
type: boolean
client_timeout:
type: integer
nullable: true
client_fin_timeout:
type: integer
nullable: true
http_request_timeout:
type: integer
nullable: true
http_keep_alive_timeout:
type: integer
nullable: true
http_reuse:
type: string
enum:
- aggressive
- always
- never
- safe
server_timeout:
type: integer
nullable: true
server_fin_timeout:
type: integer
nullable: true
queue_timeout:
type: integer
nullable: true
tunnel_timeout:
type: integer
nullable: true
external_check:
type: string
enum:
- enabled
- disabled
external_check_path:
type: string
pattern: ^[^\s]+$
external_check_command:
type: string
pattern: ^[^\s]+$
redispatch:
type: object
required:
- enabled
properties:
enabled:
type: string
enum:
- enabled
- disabled
interval:
type: integer
retries:
type: integer
nullable: true
default_backend:
type: string
pattern: ^[A-Za-z0-9-_.:]+$
default_server:
title: Default Server
type: object
properties:
init-addr:
pattern: ^[^\s]+$
type: string
inter:
type: integer
nullable: true
fastinter:
type: integer
nullable: true
downinter:
type: integer
nullable: true
rise:
type: integer
nullable: true
fall:
type: integer
nullable: true
check-sni:
type: string
pattern: ^[^\s]+$
slowstart:
type: integer
nullable: true
sni:
type: string
pattern: ^[^\s]+$
check-ssl:
type: string
enum:
- enabled
- disabled
check-send-proxy:
type: string
enum:
- enabled
- disabled
ca_file:
type: string
enabled:
type: string
enum:
- enabled
- disabled
disabled:
type: string
enum:
- enabled
- disabled
port:
type: integer
minimum: 1
maximum: 65535
nullable: true
resolvers:
type: string
pattern: ^[^\s]+$
resolve-prefer:
type: string
enum:
- ipv4
- ipv6
pattern: ^[^\s]+$
resolve-net:
type: string
pattern: ^[^\s]+$
name:
type: string
pattern: ^[^\s]+$
address:
type: string
pattern: ^[^\s]+$
health_check_port:
type: integer
nullable: true
minimum: 1
maximum: 65535
ssl_certificate:
type: string
pattern: ^[^\s]+$
agent-check:
type: string
enum:
- enabled
- disabled
agent-send:
type: string
agent-inter:
type: integer
nullable: true
agent-addr:
type: string
pattern: ^[^\s]+$
agent-port:
type: integer
nullable: true
minimum: 1
maximum: 65535
allow_0rtt:
type: boolean
alpn:
type: string
pattern: ^[^\s]+$
backup:
type: string
enum:
- enabled
- disabled
check:
type: string
enum:
- enabled
- disabled
check_alpn:
type: string
pattern: ^[^\s]+$
check_proto:
type: string
pattern: ^[^\s]+$
check_via_socks4:
type: string
enum:
- enabled
- disabled
ciphers:
type: string
ciphersuites:
type: string
cookie:
type: string
pattern: ^[^\s]+$
crl_file:
type: string
error_limit:
type: integer
force_sslv3:
type: string
enum:
- enabled
- disabled
force_tlsv10:
type: string
enum:
- enabled
- disabled
force_tlsv11:
type: string
enum:
- enabled
- disabled
force_tlsv12:
type: string
enum:
- enabled
- disabled
force_tlsv13:
type: string
enum:
- enabled
- disabled
log_proto:
type: string
enum:
- legacy
- octet-count
maxconn:
type: integer
nullable: true
maxqueue:
type: integer
nullable: true
max_reuse:
type: integer
nullable: true
minconn:
type: integer
nullable: true
namespace:
type: string
no_sslv3:
type: string
enum:
- enabled
- disabled
no_tlsv10:
type: string
enum:
- enabled
- disabled
no_tlsv11:
type: string
enum:
- enabled
- disabled
no_tlsv12:
type: string
enum:
- enabled
- disabled
no_tlsv13:
type: string
enum:
- enabled
- disabled
no_verifyhost:
type: string
enum:
- enabled
- disabled
npn:
type: string
observe:
type: string
enum:
- layer4
- layer7
on-error:
type: string
enum:
- fastinter
- fail-check
- sudden-death
- mark-down
on-marked-down:
type: string
enum:
- shutdown-sessions
on-marked-up:
type: string
enum:
- shutdown-backup-sessions
pool_low_conn:
type: integer
nullable: true
pool_max_conn:
type: integer
nullable: true
pool_purge_delay:
type: integer
nullable: true
proto:
type: string
pattern: ^[^\s]+$
redir:
type: string
resolve_opts:
type: string
pattern: ^[^,\s][^\,]*[^,\s]*$
send-proxy:
type: string
enum:
- enabled
- disabled
send-proxy-v2:
type: string
enum:
- enabled
- disabled
proxy-v2-options:
type: array
items:
type: string
enum:
- ssl
- cert-cn
- ssl-cipher
- cert-sig
- cert-key
- authority
- crc32c
- unique-id
send_proxy_v2_ssl:
type: string
enum:
- enabled
- disabled
send_proxy_v2_ssl_cn:
type: string
enum:
- enabled
- disabled
source:
type: string
ssl:
type: string
enum:
- enabled
- disabled
ssl_max_ver:
type: string
enum:
- SSLv3
- TLSv1.0
- TLSv1.1
- TLSv1.2
- TLSv1.3
ssl_min_ver:
type: string
enum:
- SSLv3
- TLSv1.0
- TLSv1.1
- TLSv1.2
- TLSv1.3
ssl_reuse:
type: string
enum:
- enabled
- disabled
stick:
type: string
enum:
- enabled
- disabled
socks4:
type: string
pattern: ^[^\s]+$
tcp_ut:
type: integer
tfo:
type: string
enum:
- enabled
- disabled
track:
type: string
tls_tickets:
type: string
enum:
- enabled
- disabled
verify:
type: string
enum:
- none
- required
verifyhost:
type: string
weight:
type: integer
nullable: true
error_files:
type: array
items:
type: object
properties:
code:
type: integer
enum:
- 200
- 400
- 403
- 405
- 408
- 425
- 429
- 500
- 502
- 503
- 504
file:
type: string
unique_id_format:
type: string
unique_id_header:
type: string
logasap:
type: string
enum:
- enabled
- disabled
allbackups:
type: string
enum:
- enabled
- disabled
stats_options:
type: object
properties:
stats_enable:
type: boolean
stats_hide_version:
type: boolean
stats_maxconn:
type: integer
minimum: 1
stats_refresh_delay:
type: integer
nullable: true
stats_show_desc:
type: string
nullable: true
stats_show_legends:
type: boolean
stats_show_node_name:
type: string
pattern: ^[^\s]+$
nullable: true
stats_uri_prefix:
type: string
pattern: ^[^\s]+$
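Review bot: `ssl_min_ver` and `ssl_max_ver` list `SSLv3`, `TLSv1.0` and `TLSv1.1` as valid values and `verify` lists `none`, yet none of these properties carries a `description` or `default`, so a reader of the CRD cannot tell what applies when a field is omitted or that these values weaken TLS. Add a `description` to each TLS-related property (`ssl`, `verify`, `verifyhost`, `no_verifyhost`, `ssl_min_ver`, `ssl_max_ver`) stating its effect. The integer properties (`maxconn`, `minconn`, `weight`, `stats_refresh_delay`) also have no `minimum`, although `stats_maxconn` sets `minimum: 1`; apply the same bound where negative values make no sense.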

View File

@ -0,0 +1,202 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: globals.core.haproxy.org
spec:
group: core.haproxy.org
names:
kind: Global
plural: globals
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
config:
title: Global
description: HAProxy global configuration
type: object
properties:
chroot:
type: string
pattern: '^[^\s]+$'
group:
type: string
pattern: '^[^\s]+$'
hard_stop_after:
type: integer
user:
type: string
pattern: '^[^\s]+$'
daemon:
type: string
enum: [enabled, disabled]
nbproc:
type: integer
nbthread:
type: integer
master-worker:
type: boolean
external_check:
type: boolean
pidfile:
type: string
maxconn:
type: integer
server_state_base:
type: string
pattern: '^[^\s]+$'
tune_ssl_default_dh_param:
type: integer
ssl_default_bind_options:
type: string
ssl_default_bind_ciphers:
type: string
ssl_default_bind_ciphersuites:
type: string
ssl_default_server_options:
type: string
ssl_default_server_ciphers:
type: string
ssl_default_server_ciphersuites:
type: string
ssl_mode_async:
type: string
enum: [enabled, disabled]
cpu_maps:
type: array
items:
type: object
required:
- process
- cpu_set
properties:
process:
type: string
cpu_set:
type: string
runtime_apis:
type: array
items:
type: object
required:
- address
properties:
address:
type: string
pattern: '^[^\s]+$'
mode:
type: string
pattern: '^[^\s]+$'
level:
type: string
enum: [user, operator, admin]
process:
type: string
pattern: '^[^\s]+$'
exposeFdListeners:
type: boolean
stats_timeout:
type: integer
lua_loads:
type: array
items:
type: object
required:
- file
properties:
file:
type: string
pattern: '^[^\s]+$'
log_send_hostname:
type: object
required:
- enabled
properties:
enabled:
type: string
enum: [enabled, disabled]
param:
type: string
pattern: '^[^\s]+$'
log_targets:
type: array
items:
type: object
required:
- address
- facility
properties:
index:
type: integer
nullable: true
address:
type: string
pattern: ^[^\s]+$
length:
type: integer
format:
type: string
enum:
- rfc3164
- rfc5424
- short
- raw
facility:
type: string
enum:
- kern
- user
- mail
- daemon
- auth
- syslog
- lpr
- news
- uucp
- cron
- auth2
- ftp
- ntp
- audit
- alert
- cron2
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
level:
type: string
enum:
- emerg
- alert
- crit
- err
- warning
- notice
- info
- debug
minlevel:
type: string
enum:
- emerg
- alert
- crit
- err
- warning
- notice
- info
- debug
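Review bot: under `lua_loads` the `file` property and under `runtime_apis` the `address` property are constrained only by `'^[^\s]+$'`, and `runtime_apis.level` accepts `admin`, so the schema places no limit on which Lua file path or runtime API socket a `Global` object may name in any namespace (`scope: Namespaced`). If these values reach the HAProxy global section unchanged, write access to this resource amounts to control of the proxy; either tighten the patterns (for example to absolute paths under a fixed directory) or document that create and update on `globals.core.haproxy.org` must be restricted. The integer fields (`nbproc`, `nbthread`, `maxconn`, `hard_stop_after`) lack a `minimum`, and the `address` pattern under `log_targets` is unquoted, unlike the other patterns in this file.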

View File

@ -0,0 +1,72 @@
questions:
- variable: imageDefault
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
group: "Settings"
show_subquestion_if: false
subquestions:
- variable: controller.image.tag
default: "1.7.2"
description: "HAProxy Ingress Controller Tag"
type: string
label: HAProxy Ingress Controller Tag
- variable: controller.kind
type: enum
options:
- "DaemonSet"
- "Deployment"
default: "Deployment"
description: "Deployment Type"
label: Deployment Type
group: "Settings"
- variable: controller.service.type
type: enum
options:
- "LoadBalancer"
- "NodePort"
default: "NodePort"
description: "Service Type for HAProxy Ingress Controller"
label: Service Type
group: "Settings"
- variable: controller.ingressClass
default: ""
description: "Ingress Class for targeting this controller"
label: Ingress Class
type: string
group: "Settings"
- variable: controller.defaultTLSSecret.secret
default: ""
description: "Default TLS certificate secret"
label: TLS Certificate Secret
type: string
group: "Settings"
- variable: enableEnterprise
default: false
description: "Use HAProxy Enterprise"
label: Enable
type: boolean
group: "HAProxy Enterprise"
show_subquestion_if: true
subquestions:
- variable: controller.imageCredentials.registry
type: string
default: "kubernetes-registry.haproxy.com"
description: "HAProxy Enterprise Registtry"
label: Registry
- variable: controller.image.repository
type: string
default: "kubernetes-registry.haproxy.com/hapee-ingress"
description: "HAProxy Enterprise Registry"
label: Repository
- variable: controller.imageCredentials.username
type: string
default: "MYUSERNAME"
description: "HAProxy Enterprise Username"
label: Username
- variable: controller.imageCredentials.password
type: string
default: "MYPASSWORD"
description: "HAProxy Enterprise Password"
label: Password
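Review bot: `controller.imageCredentials.password` is declared `type: string` with `default: "MYPASSWORD"`, so the registry password is shown in clear text in the form and a literal placeholder is submitted if the user leaves the field untouched; the same goes for `default: "MYUSERNAME"`. Use `type: password` for the password question and empty defaults for both, so a missing credential is visible instead of being rendered into the pull secret. The description of `controller.imageCredentials.registry` has a typo (`Registtry`), and the `controller.image.repository` question is described as a registry rather than a repository.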

View File

@ -0,0 +1,69 @@
HAProxy Kubernetes Ingress Controller has been successfully installed.
Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}".
Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type.
{{- if .Values.rbac.create}}
RBAC authorization is enabled.
{{- else}}
RBAC authorization is disabled.
{{- end}}
{{- if .Values.controller.ingressClass}}
Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for
Ingress resource.
{{- end}}
Service ports mapped are:
{{- if eq .Values.controller.kind "Deployment" }}
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- end }}
{{- end }}
{{- if eq .Values.controller.kind "DaemonSet" }}
{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
hostPort: {{ index $hostPorts $key | default $value }}
{{- end }}
{{- end }}
Node IP can be found with:
$ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}"
The following ingress resource routes traffic to pods that match the following:
* service name: web
* client's Host header: webdemo.com
* path begins with /
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
namespace: default
annotations:
ingress.class: "haproxy"
spec:
rules:
- host: webdemo.com
http:
paths:
- path: /
backend:
serviceName: web
servicePort: 80
In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it
with helm chart option controller.ingressClass.
For more examples and up to date documentation, please visit:
* Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
* Controller documentation: https://www.haproxy.com/documentation/kubernetes/latest/
* Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
* Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
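Review bot: the sample Ingress declares `apiVersion: networking.k8s.io/v1` but its path uses the v1beta1 backend form (`serviceName: web`, `servicePort: 80`) and has no `pathType`, so the manifest is rejected if a user applies it as printed. For v1 the path needs `pathType: Prefix` and a `backend.service` block with `name: web` and `port.number: 80`. The `kubectl ... get nodes` hint also hard-codes `.items[0].status.addresses[1]`, which assumes the first node and its second address entry are the ones the user wants.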

View File

@ -0,0 +1,130 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kubernetes-ingress.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kubernetes-ingress.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kubernetes-ingress.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Encode an imagePullSecret string.
*/}}
{{- define "kubernetes-ingress.imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }}
{{- end }}
{{/*
Generate default certificate for HAProxy.
*/}}
{{- define "kubernetes-ingress.gen-certs" -}}
{{- $ca := genCA "kubernetes-ingress-ca" 365 -}}
{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil nil 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end -}}
{{/*
Create the name of the controller service account to use.
*/}}
{{- define "kubernetes-ingress.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
*/}}
{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}}
{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}}
{{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.defaultBackend.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified default backend name.
*/}}
{{- define "kubernetes-ingress.defaultBackend.fullname" -}}
{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified default cert secret name.
*/}}
{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}}
{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct the path for the publish-service.
By default this will use the <namespace>/<service-name> matching the controller's service name.
Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride`
*/}}
{{- define "kubernetes-ingress.publishServicePath" -}}
{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}}
{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }}
{{- print $servicePath | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct the syslog-server annotation
*/}}
{{- define "kubernetes-ingress.syslogServer" -}}
{{- range $key, $val := .Values.controller.logging.traffic -}}
{{- printf "%s:%s, " $key $val }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified ServiceMonitor name.
*/}}
{{- define "kubernetes-ingress.serviceMonitorName" -}}
{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* vim: set filetype=mustache: */}}
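Review bot: `kubernetes-ingress.imagePullSecret` assembles the docker config JSON with `printf` and `%s`, so a `"` or `\` in `controller.imageCredentials.registry` produces invalid or altered JSON inside the Secret. Build a dict and pass it through `toJson` before `b64enc` instead. Two smaller points: `kubernetes-ingress.publishServicePath` applies `trunc 63` to the whole `<namespace>/<service-name>` string, which can cut a valid path even when each part is within its own limit, and `kubernetes-ingress.syslogServer` leaves a trailing `, ` after the last pair.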

View File

@ -0,0 +1,89 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- services
- namespaces
- events
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
- ingresses/status
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- patch
- update
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- apiGroups:
- core.haproxy.org
resources:
- '*'
verbs:
- get
- list
- watch
- update
{{- end -}}
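Review bot: the `secrets` rule grants `create`, `patch` and `update` on top of the read verbs, and because this is a ClusterRole the controller's service account gets write access to every Secret in the cluster. If write access is only needed for Secrets the controller owns, move those verbs to a Role in `.Release.Namespace` and keep the cluster-wide rule read-only. The `core.haproxy.org` rule uses `resources: '*'` together with `update`; name the resources explicitly. `ingresses/status` is also listed in two rules, and the first (get, list, watch) can drop it if only `update` is needed.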

View File

@ -0,0 +1,37 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kubernetes-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
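Review bot: the subject name comes from `kubernetes-ingress.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and `serviceAccount.name` is unset, so with `rbac.create` true this binding gives the namespace's `default` service account the ClusterRole, and every pod in that namespace that does not set its own service account inherits it. Fail the render (for example with `required`) when `rbac.create` is true and no dedicated service account name is available.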

View File

@ -0,0 +1,34 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
data:
{{- if .Values.controller.logging.traffic }}
syslog-server: {{ template "kubernetes-ingress.syslogServer" . }}
{{- end }}
{{- if .Values.controller.config }}
{{ toYaml .Values.controller.config | indent 2 }}
{{- end }}
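Review bot: `syslog-server` is emitted unquoted from `kubernetes-ingress.syslogServer`, which joins pairs as `key:value, ` and leaves a trailing separator, so the resulting YAML scalar is only correct while the values contain nothing YAML treats specially (a `#` after a space, or a `: `). Switch from `template` to `include` so the output can be piped through `trimSuffix ", "` and `quote`. `controller.config` is copied into `data` with `toYaml` as given, so a number or boolean value renders as a non-string and the API rejects the ConfigMap; document that every value must be a string, or quote them in the template.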

View File

@ -0,0 +1,242 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if eq .Values.controller.kind "DaemonSet" }}
{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}}
{{- $useHostPort := .Values.controller.daemonset.useHostPort -}}
{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec:
minReadySeconds: 0
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
{{- end }}
{{- if .Values.controller.podAnnotations }}
annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }}
{{- else if .Values.controller.existingImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.controller.existingImagePullSecret }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args:
{{- if .Values.controller.defaultTLSSecret.enabled -}}
{{- if and .Values.controller.defaultTLSSecret.secret .Values.controller.defaultTLSSecret.secretNamespace }}
- --default-ssl-certificate={{ tpl .Values.controller.defaultTLSSecret.secretNamespace . }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }}
{{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
{{- end }}
{{- if .Values.controller.logging.level }}
- --log={{ .Values.controller.logging.level }}
{{- end }}
{{- range .Values.controller.extraArgs }}
- {{ . }}
{{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if $useHostPort }}
hostPort: {{ index $hostPorts $key | default $value }}
{{- end }}
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp
containerPort: {{ .port }}
protocol: TCP
{{- if $useHostPort }}
hostPort: {{ .port }}
{{- end }}
{{- end }}
{{- if .Values.controller.livenessProbe.enabled }}
livenessProbe:
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.livenessProbe.path }}
port: {{ .Values.controller.livenessProbe.port }}
scheme: {{ .Values.controller.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.readinessProbe.enabled }}
readinessProbe:
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.readinessProbe.path }}
port: {{ .Values.controller.readinessProbe.port }}
scheme: {{ .Values.controller.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.startupProbe.enabled }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.extraEnvs -}}
{{- toYaml .Values.controller.extraEnvs | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers:
{{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
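Review bot: when `controller.unprivileged` is set, the pod gains an init container with `privileged: true` that runs `sysctl -w net.ipv4.ip_unprivileged_port_start=0` from `busybox:musl`, a mutable tag with no digest; with `hostNetwork: true` (when `useHostNetwork` is set) that sysctl is written in the node's network namespace, not only the pod's. Pin the image by digest or make it configurable, and document the host-level effect or skip the init container when host networking is on. The main container's `securityContext` in this branch omits `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, and no `securityContext` is set at all when `unprivileged` is false. The `tcpPorts` loop also uses `.port` for `containerPort` here while the Deployment template uses `.targetPort`; one of the two is likely wrong.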

View File

@ -0,0 +1,35 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.defaultTLSSecret.enabled }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation"
data:
{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }}
{{- end }}
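Review bot: the default certificate is created only by a `pre-install` hook, while `kubernetes-ingress.gen-certs` issues it for 365 days, so nothing in the chart renews it on `helm upgrade` and it expires a year after installation. The Secret is also rendered whenever `defaultTLSSecret.enabled` is true, even when `defaultTLSSecret.secret` and `secretNamespace` point the controller at a user-supplied certificate, which leaves an unused private key in the namespace. Add renewal handling or document manual rotation, and guard the template on the user-supplied secret being unset.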

View File

@ -0,0 +1,245 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if eq .Values.controller.kind "Deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec:
{{- if and (not .Values.controller.autoscaling.enabled) (not .Values.controller.keda.enabled) }}
replicas: {{ .Values.controller.replicaCount }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.controller.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
{{- end }}
{{- if .Values.controller.podAnnotations }}
annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- with .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }}
{{- else if .Values.controller.existingImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.controller.existingImagePullSecret }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args:
{{- if .Values.controller.defaultTLSSecret.enabled -}}
{{- if and .Values.controller.defaultTLSSecret.secret .Values.controller.defaultTLSSecret.secretNamespace }}
- --default-ssl-certificate={{ tpl .Values.controller.defaultTLSSecret.secretNamespace . }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }}
{{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
{{- end }}
{{- if .Values.controller.logging.level }}
- --log={{ .Values.controller.logging.level }}
{{- end }}
{{- range .Values.controller.extraArgs }}
- {{ . }}
{{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp
containerPort: {{ .targetPort }}
protocol: TCP
{{- end }}
{{- if .Values.controller.livenessProbe.enabled }}
livenessProbe:
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.livenessProbe.path }}
port: {{ .Values.controller.livenessProbe.port }}
scheme: {{ .Values.controller.livenessProbe.scheme }}
{{- if .Values.controller.livenessProbe.httpHeaders }}
httpHeaders: {{ toYaml .Values.controller.livenessProbe.httpHeaders | nindent 16 }}
{{- end }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.readinessProbe.enabled }}
readinessProbe:
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.readinessProbe.path }}
port: {{ .Values.controller.readinessProbe.port }}
scheme: {{ .Values.controller.readinessProbe.scheme }}
{{- if .Values.controller.readinessProbe.httpHeaders }}
httpHeaders: {{ toYaml .Values.controller.readinessProbe.httpHeaders | nindent 16 }}
{{- end }}
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.startupProbe.enabled }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
{{- if .Values.controller.startupProbe.httpHeaders }}
httpHeaders: {{ toYaml .Values.controller.startupProbe.httpHeaders | nindent 16 }}
{{- end }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.extraEnvs -}}
{{- toYaml .Values.controller.extraEnvs | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers:
{{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
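
Review bot: the `sysctl` init container added when `controller.unprivileged` is set runs with `privileged: true` from the floating tag `busybox:musl`, so the "unprivileged" mode still depends on a privileged container whose image content can change between pulls. The PodSecurityPolicy template in this same commit sets `privileged: false`, so that policy would not admit this pod. Suggest pinning the image by digest and making it configurable through values, or setting `net.ipv4.ip_unprivileged_port_start` through the pod-level `securityContext.sysctls` where the cluster permits it. The main container's `securityContext` could also set `allowPrivilegeEscalation: false`.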

View File

@ -0,0 +1,58 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }}
{{- if not .Values.controller.keda.enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.fullname" . }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
{{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.controller.autoscaling.custom }}
{{- toYaml .Values.controller.autoscaling.custom | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
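
Review bot: `apiVersion: autoscaling/v2beta2` is hard-coded here, while the IngressClass and PodDisruptionBudget templates in this commit choose their version with `.Capabilities.APIVersions.Has`. Suggest the same pattern, preferring `autoscaling/v2` when the cluster serves it and falling back to `autoscaling/v2beta2`, so the chart keeps rendering a valid object as beta versions are retired.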

View File

@ -0,0 +1,46 @@
{{/*
Copyright 2021 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
apiVersion: networking.k8s.io/v1
{{- else }}
apiVersion: networking.k8s.io/v1beta1
{{- end }}
kind: IngressClass
metadata:
name: {{ .Values.controller.ingressClassResource.name }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.ingressClassResource.default }}
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
spec:
{{- if not .Values.controller.ingressClass }}
controller: haproxy.org/ingress-controller
{{- else }}
controller: haproxy.org/ingress-controller/{{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.ingressClassResource.parameters }}
parameters:
{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4 }}
{{- end }}
{{- end }}
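
Review bot: the outer `if` only tests API availability, so every release creates this cluster-scoped IngressClass and there is no values switch to opt out. Two releases that keep the same `controller.ingressClassResource.name` will collide on install, and `ingressClassResource.default` marks the class as the cluster default, which affects Ingresses in every namespace that name no class. Suggest an explicit enable flag under `controller.ingressClassResource` and a comment in values.yaml on the cluster-wide effect of `default`.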

View File

@ -0,0 +1,52 @@
{{/*
Copyright 2021 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.keda.enabled }}
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.keda.scaledObject.annotations }}
annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
name: {{ template "kubernetes-ingress.fullname" . }}
pollingInterval: {{ .Values.controller.keda.pollingInterval }}
cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
minReplicaCount: {{ .Values.controller.keda.minReplicas }}
maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
triggers:
{{- with .Values.controller.keda.triggers }}
{{ toYaml . | indent 2 }}
{{ end }}
advanced:
restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }}
{{- if .Values.controller.keda.behavior }}
horizontalPodAutoscalerConfig:
behavior:
{{ with .Values.controller.keda.behavior -}}
{{ toYaml . | indent 8 }}
{{ end }}
{{- end }}
{{- end }}
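
Review bot: `triggers:` is emitted unconditionally while its list sits inside `with .Values.controller.keda.triggers`, so enabling `controller.keda.enabled` without triggers renders an empty `triggers:` key and the failure only shows up at apply time. Suggest failing at render time with `required`, or moving the `triggers:` key inside the `with`. The bare `{{ end }}` lines also leave stray blank lines in the output; `{{- end }}` matches the rest of the chart.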

View File

@ -0,0 +1,44 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.PodDisruptionBudget.enable }}
{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
{{- if .Values.controller.PodDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.controller.PodDisruptionBudget.maxUnavailable }}
{{- end }}
{{- if .Values.controller.PodDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.controller.PodDisruptionBudget.minAvailable }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
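
Review bot: `maxUnavailable` and `minAvailable` are rendered by two independent `if` blocks, so setting both values produces a PodDisruptionBudget carrying both fields, and the API accepts only one of them. Suggest an `if / else if` or a `fail` when both are set. Because the conditions test truthiness, `maxUnavailable: 0` and `minAvailable: 0` are also dropped silently; `hasKey` would keep them. The values key `PodDisruptionBudget.enable` is capitalised and spelled differently from the `enabled` flags used elsewhere in the chart.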

View File

@ -0,0 +1,84 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }}
{{- $useHostPort := .Values.controller.daemonset.useHostPort }}
{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
{{- if .Capabilities.APIVersions.Has "policy/v1/PodSecurityPolicy" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodSecurityPolicy
metadata:
{{- if .Values.podSecurityPolicy.annotations }}
annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false
fsGroup:
rule: MustRunAs
ranges:
- max: 65535
min: 1
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
{{- if or $useHostPort $useHostNetwork }}
hostPorts:
{{- range $key, $value := .Values.controller.containerPort }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- min: {{ .port }}
max: {{ .port }}
{{- end }}
{{- end }}
hostIPC: false
hostPID: false
privileged: false
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes:
- configMap
- downwardAPI
- secret
{{- end }}
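
Review bot: `metadata` ends up with two `annotations:` keys when `podSecurityPolicy.annotations` is set, the conditional one at the top and the fixed seccomp/AppArmor block after `name:`. A duplicate mapping key is either rejected by the YAML parser or resolved by keeping one block, in which case the user annotations or the profile annotations are lost. Suggest a single `annotations:` key that holds the four fixed entries followed by the `toYaml` of the user-supplied map. Separately, `runAsUser.rule: RunAsAny` lets the pod run as root even though the controller template sets `runAsUser: 1000` in unprivileged mode; `MustRunAsNonRoot` would be a tighter fit for that mode.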

View File

@ -0,0 +1,32 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.imageCredentials.registry }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }}
{{- end }}
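
Review bot: the `.dockerconfigjson` payload comes from the `kubernetes-ingress.imagePullSecret` helper and the whole Secret is gated on `.Values.controller.imageCredentials.registry`, so registry credentials appear to be supplied as chart values and will be kept in the stored release data as well as in this Secret. Suggest also accepting the name of an existing pull Secret so operators can keep credentials out of Helm values, and documenting that choice next to `imageCredentials` in values.yaml.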

View File

@ -0,0 +1,38 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
rules:
- apiGroups:
- "policy"
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "kubernetes-ingress.fullname" . }}
{{- end -}}

View File

@ -0,0 +1,37 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubernetes-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

View File

@ -0,0 +1,107 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.service.labels }}
{{ toYaml .Values.controller.service.labels | indent 4 }}
{{- end }}
annotations:
{{- range $key, $value := .Values.controller.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }}
type: {{ .Values.controller.service.type }}
{{- if .Values.controller.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
{{- end }}
{{- if .Values.controller.service.healthCheckNodePort }}
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
{{- end }}
ports:
{{- if .Values.controller.service.enablePorts.http }}
- name: http
port: {{ .Values.controller.service.ports.http }}
protocol: TCP
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
appProtocol: http
{{- end }}
targetPort: {{ .Values.controller.service.targetPorts.http }}
{{- if .Values.controller.service.nodePorts.http }}
nodePort: {{ .Values.controller.service.nodePorts.http }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enablePorts.https }}
- name: https
port: {{ .Values.controller.service.ports.https }}
protocol: TCP
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
appProtocol: https
{{- end }}
targetPort: {{ .Values.controller.service.targetPorts.https }}
{{- if .Values.controller.service.nodePorts.https }}
nodePort: {{ .Values.controller.service.nodePorts.https }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enablePorts.stat }}
- name: stat
port: {{ .Values.controller.service.ports.stat }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.stat }}
{{- if .Values.controller.service.nodePorts.stat }}
nodePort: {{ .Values.controller.service.nodePorts.stat }}
{{- end }}
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp
port: {{ .port }}
protocol: TCP
targetPort: {{ .targetPort }}
{{- if .nodePort }}
nodePort: {{ .nodePort }}
{{- end }}
{{- end }}
selector:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.controller.service.sessionAffinity }}
sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
{{- end }}
externalIPs:
{{- if .Values.controller.service.externalIPs }}
{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
{{- end -}}
{{- if (eq .Values.controller.service.type "LoadBalancer") }}
{{- if .Values.controller.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
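
Review bot: `externalIPs:` and `annotations:` are emitted outside their guards, so a release with neither set renders both keys empty; move each key inside the matching `if` (or use `with`) as is done for `loadBalancerSourceRanges`. The `{{ with .Values.controller.service.clusterIP }}` line under `spec:` has no `{{-` and leaves a whitespace-only line when unset. On exposure: the `stat` port joins the same Service as `http` and `https`, so with `type: LoadBalancer` and no `loadBalancerSourceRanges` the stats endpoint is published alongside the ingress ports; worth a note in values.yaml or a separate ClusterIP Service for it.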

View File

@ -0,0 +1,29 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if or .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubernetes-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- end -}}
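
Review bot: `{{- if or .Values.serviceAccount.create -}}` calls `or` with a single argument, which reads like a dropped second condition. If nothing else was intended, simplify to `{{- if .Values.serviceAccount.create -}}`; if a second flag was meant (for example the default backend), add it.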

View File

@ -0,0 +1,41 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.controller.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kubernetes-ingress.serviceMonitorName" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.serviceMonitor.extraLabels }}
{{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
{{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
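
Review bot: `metadata` has no `namespace:` here, unlike the other namespaced templates in this commit that set `namespace: {{ .Release.Namespace }}`, while `namespaceSelector.matchNames` does use the release namespace. Suggest adding it for consistency. Also, when `controller.serviceMonitor.enabled` is true but the cluster does not serve `monitoring.coreos.com/v1`, the template renders nothing without any message; a line in NOTES.txt or a `fail` would make the missing CRD visible.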

View File

@ -0,0 +1,85 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
{{- if not .Values.defaultBackend.autoscaling.enabled }}
replicas: {{ .Values.defaultBackend.replicaCount }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.defaultBackend.podLabels }}
{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
{{- end }}
{{- if .Values.defaultBackend.podAnnotations }}
annotations:
{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- with .Values.defaultBackend.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }}
image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.defaultBackend.containerPort }}
protocol: TCP
{{- if .Values.defaultBackend.extraEnvs }}
env:
{{- toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.defaultBackend.resources | nindent 12 }}
{{- with .Values.defaultBackend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.defaultBackend.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
terminationGracePeriodSeconds: 60
{{- with .Values.defaultBackend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
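
Review bot: the default backend container has no `securityContext`, no probes, and takes `priorityClassName` from `.Values.controller.priorityClassName` rather than a `defaultBackend` value. Since the PodSecurityPolicy for this workload allows `runAsUser: RunAsAny`, nothing visible here stops the image from running as root. Suggest a values-driven `securityContext` (non-root user, `allowPrivilegeEscalation: false`, capabilities dropped) and liveness/readiness probes on the `http` port, and confirm that sharing the controller's priority class is intended.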

View File

@ -0,0 +1,56 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
metrics:
{{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.defaultBackend.autoscaling.custom }}
{{- toYaml .Values.defaultBackend.autoscaling.custom | nindent 4 }}
{{- end }}
{{- end }}
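
Review bot: when none of `targetCPUUtilizationPercentage`, `targetMemoryUtilizationPercentage` and `custom` is set under `defaultBackend.autoscaling`, this renders an empty `metrics:` key, leaving the scaling target to whatever the API defaults to instead of anything stated in values. Suggest a `fail` when autoscaling is enabled without a metric, or a documented default in values.yaml.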

View File

@ -0,0 +1,68 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }}
{{- if .Capabilities.APIVersions.Has "policy/v1/PodSecurityPolicy" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodSecurityPolicy
metadata:
{{- if .Values.podSecurityPolicy.annotations }}
annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false
fsGroup:
rule: MustRunAs
ranges:
- max: 65535
min: 1
hostNetwork: false
hostIPC: false
hostPID: false
privileged: false
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes:
- configMap
- downwardAPI
- secret
{{- end }}
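
Review bot: the `.Capabilities.APIVersions.Has "policy/v1/PodSecurityPolicy"` branch is dead code, because PodSecurityPolicy was only ever served from beta API groups, and if it did match it would emit an `apiVersion` the kind does not exist under. Suggest dropping the branch and keeping `policy/v1beta1`. `allowedCapabilities` also grants `NET_BIND_SERVICE` to the default backend although its Deployment requests no capabilities, so the list can be empty, and `annotations:` appears twice under `metadata` when `podSecurityPolicy.annotations` is set.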

View File

@ -0,0 +1,38 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
rules:
- apiGroups:
- "policy"
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end -}}

View File

@ -0,0 +1,37 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
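
Review bot: the subject at the end of this hunk is named by the `kubernetes-ingress.defaultBackend.serviceAccountName` helper, yet the binding is rendered whenever `rbac.create`, `podSecurityPolicy.enabled` and `defaultBackend.enabled` are set, while the ServiceAccount template is additionally gated on `serviceAccount.create` and `defaultBackend.serviceAccount.create`. Please confirm what the helper returns when the account is not created by the chart: if it falls back to a shared account, this binding grants `use` on the policy to every pod running under that account in the namespace. A comment in the template or in values.yaml stating the expected fallback would settle it.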

View File

@ -0,0 +1,47 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.defaultBackend.service.annotations }}
annotations:
{{ toYaml .Values.defaultBackend.service.annotations | indent 8 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http
port: {{ .Values.defaultBackend.service.port }}
protocol: TCP
{{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
appProtocol: http
{{- end }}
targetPort: http
selector:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
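
Review bot: the `appProtocol` guard `semverCompare ">=1.20" .Capabilities.KubeVersion.Version` will not match clusters whose version string carries a suffix after the patch number, because a semver constraint without a pre-release part skips versions that have one. Chart.yaml already accounts for this with `kubeVersion: '>=1.17.0-0'`; writing the constraint here as `">=1.20.0-0"` keeps the two consistent. Separately, `type: ClusterIP` combined with `clusterIP: None` makes this a headless Service, so a one-line comment saying that is intended would help the next reader.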

View File

@ -0,0 +1,29 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- end -}}
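
Review bot: this ServiceAccount does not set `automountServiceAccountToken`, so default-backend pods get an API token mounted by default. The only permission bound to the account in the templates shown is `use` on its PodSecurityPolicy, and the workload is the static 404 backend, so adding `automountServiceAccountToken: false` at the top level of this manifest (or on the pod spec) removes a credential the pod does not appear to need.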

View File

@ -0,0 +1,580 @@
# Copyright 2019 HAProxy Technologies LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Default values for kubernetes-ingress Chart for HAProxy Ingress Controller
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
# seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
enabled: false
## Enable RBAC Authorization
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
rbac:
create: true
## Configure Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
create: true
name:
## Controller default values
controller:
name: controller
image:
repository: haproxytech/kubernetes-ingress # can be changed to use CE or EE Controller images
tag: "{{ .Chart.AppVersion }}"
pullPolicy: IfNotPresent
## Deployment or DaemonSet pod mode
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
kind: Deployment # can be 'Deployment' or 'DaemonSet'
replicaCount: 2
## Running container without root privileges
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
unprivileged: false
## Init Containers
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
initContainers: []
# - name: sysctl
# image: "busybox:musl"
# command:
# - /bin/sh
# - -c
# - sysctl -w net.core.somaxconn=65536
# securityContext:
# privileged: true
## Pod termination grace period
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
terminationGracePeriodSeconds: 60
## Private Registry configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imageCredentials:
registry: null
username: null
password: null
existingImagePullSecret: null
## Controller Container listener port configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
containerPort:
http: 80
https: 443
stat: 1024
## Controller Container liveness/readiness probe configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
path: /healthz
periodSeconds: 10
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
path: /healthz
periodSeconds: 10
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
startupProbe:
enabled: true
failureThreshold: 20
initialDelaySeconds: 0
path: /healthz
periodSeconds: 1
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
## IngressClass:
## Ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/ingressclass.md
# k8s >= 1.18: IngressClass resource used, in multi-ingress environments, to select ingress resources to implement.
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
# Note: Uses ingressClass as name for the Ingress Class object if enabled
ingressClassResource:
name: haproxy
default: false
parameters: {}
# k8s < 1.18: Ingress Class used, in multi-ingress environments, for ingress.class annotation to select ingress resources to implement.
# k8s >= 1.18: Ingress Class used to target specific HAProxy Ingress Controller in multi-ingress envionments
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers
ingressClass: haproxy # typically "haproxy" or null to receive all events
## Additional labels to add to the deployment or daemonset metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
extraLabels: {}
# key: value
## Additional labels to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# key: value
## Additional annotations to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: value
## Ingress TLS secret, if it is enabled and secret is null then controller will use auto-generated secret, otherwise
## secret needs to contain name of the Secret object which has been created manually
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
defaultTLSSecret:
enabled: true
secretNamespace: "{{ .Release.Namespace }}"
secret: null
## Compute Resources for controller container
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
resources:
# limits:
# cpu: 100m
# memory: 64Mi
requests:
cpu: 100m
memory: 64Mi
## Horizontal Pod Scaler
## Only to be used with Deployment kind
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 20
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## Custom metrics (example)
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
# custom:
# - type: Pods
# pods:
# metricName: haproxy_backend_current_sessions
# targetAverageValue: 2000
## Kubernetes Event-driven Autoscaling: KEDA 2.x
## ref: https://keda.sh/docs/2.3/concepts/scaling-deployments/
## Note: mutually exclusive with HPA, enabling KEDA disables HPA
## Node: requires serviceMonitor enabled
keda:
enabled: false
minReplicas: 2
maxReplicas: 20
pollingInterval: 30
cooldownPeriod: 300
restoreToOriginalReplicaCount: false
scaledObject:
annotations: {}
behaviour: {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
triggers: []
# - type: prometheus
# metadata:
# serverAddress: http://<prometheus-host>:9090
# metricName: haproxy_process_idle_time_percent
# threshold: '50'
# query: avg(100-avg_over_time(haproxy_process_idle_time_percent{container="kubernetes-ingress-controller",service="mytest-kubernetes-ingress"}[2m]))
## Pod Disruption Budget
## Only to be used with Deployment kind
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
PodDisruptionBudget:
enable: false
# maxUnavailable: 1
# minAvailable: 1
## Pod Node assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: {}
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node Affinity for pod-node scheduling constraints
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## Topology spread constraints (only used in kind: Deployment)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: kubernetes-ingress
# app.kubernetes.io/instance: kubernetes-ingress
## Pod DNS Config
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
dnsConfig: {}
## Pod DNS Policy
## Change this to ClusterFirstWithHostNet in case you have useHostNetwork set to true
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ClusterFirst
## Additional command line arguments to pass to Controller
## ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
extraArgs: []
# - --namespace-whitelist=default
# - --namespace-whitelist=namespace1
# - --namespace-blacklist=namespace2
## Custom configuration for Controller
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
config: {}
# timeout-connect: "250ms"
# servers-increment: "10"
# servers-increment-max-disabled: "10"
# rate-limit: "ON"
# rate-limit-expire: "1m"
# rate-limit-interval: "10s"
# rate-limit-size: "100k"
## Controller Logging configuration
logging:
## Controller logging level
## This only relevant to Controller logs
level: info
## HAProxy traffic logs
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation#logging
traffic: {}
# address: "stdout"
# format: "raw"
# facility: "daemon"
## Mirrors the address of the service's endpoints to the
## load-balancer status of all Ingress objects it satisfies.
publishService:
enabled: true
##
## Override of the publish service
## Must be <namespace>/<service_name>
pathOverride: ""
## Controller Service configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
service:
enabled: true # set to false when controller.kind is 'DaemonSet' and controller.daemonset.useHostPorts is true
type: NodePort # can be 'NodePort' or 'LoadBalancer'
## Service annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations: {}
## Service labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels: {}
## Health check node port
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
healthCheckNodePort: 0
## Service nodePorts to use for http, https and stat
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
## If empty, random ports will be used
nodePorts: {}
# http: 31080
# https: 31443
# stat: 31024
## Service ports to use for http, https and stat
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
ports:
http: 80
https: 443
stat: 1024
## The controller service ports for http, https and stat can be disabled by
## setting below to false - this could be useful when only deploying haproxy
## as a TCP loadbalancer
## Note: At least one port (http, https, stat or from tcpPorts) has to be enabled
enablePorts:
http: true
https: true
stat: true
## Target port mappings for http, https and stat
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
targetPorts:
http: http
https: https
stat: stat
## Additional tcp ports to expose
## This is especially useful for TCP services:
## https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
tcpPorts: []
# - name: http-alt
# port: 8080
# targetPort: http-alt
# nodePort: 32080
## Set external traffic policy
## Default is "Cluster", setting it to "Local" preserves source IP
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: "Local"
## Expose service via external IPs that route to one or more cluster nodes
externalIPs: []
## LoadBalancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
loadBalancerIP: ""
## Source IP ranges permitted to access Network Load Balancer
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
loadBalancerSourceRanges: []
## Service ClusterIP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
# clusterIP: ""
## Service session affinity
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
# sessionAffinity: ""
## Controller DaemonSet configuration
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
daemonset:
useHostNetwork: false # also modify dnsPolicy accordingly
useHostPort: false
hostPorts:
http: 80
https: 443
stat: 1024
## Controller deployment strategy definition
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
strategy: {}
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# type: RollingUpdate
## Controller Pod PriorityClass
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
## Controller container lifecycle handlers
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
## Example preStop for graceful shutdown
# preStop:
# exec:
# command: ["/bin/sh", "-c", "kill -USR1 $(pidof haproxy); while killall -0 haproxy; do sleep 1; done"]
## Set additional environment variables
extraEnvs: []
## Set TZ env to configure timezone on controller containers
# - name: TZ
# value: "Etc/UTC"
## Add additional containers
extraContainers: []
## Example sidecar
# - name: sidecar
# image: alpine # alpine is a simple Linux OS image
# command: ["/bin/sh"]
# args: ["-c", "while true; do date; sleep 5;done"]
## Additional volumeMounts to the controller main container
extraVolumeMounts: []
## Example empty volume mounts when using securityContext->readOnlyRootFilesystem
# - name: etc-haproxy
# mountPath: /etc/haproxy
# - name: tmp
# mountPath: /tmp
# - name: var-state-haproxy
# mountPath: /var/state/haproxy
## Additional volumes to the controller pod
extraVolumes: []
## Example empty volumes when using securityContext->readOnlyRootFilesystem
# - name: etc-haproxy
# emptyDir: {}
# - name: tmp
# emptyDir: {}
# - name: var-state-haproxy
# emptyDir: {}
## ServiceMonitor
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
## Note: requires Prometheus Operator to be able to work, for example:
## helm install prometheus prometheus-community/kube-prometheus-stack \
## --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
## --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
serviceMonitor:
## Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured
enabled: false
## Specify the labels to add to the ServiceMonitors to be selected for target discovery
extraLabels: {}
## Specify the endpoints
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/design.md#servicemonitor
endpoints:
- port: stat
path: /metrics
scheme: http
## Default 404 backend
defaultBackend:
enabled: true
name: default-backend
replicaCount: 2
image:
repository: k8s.gcr.io/defaultbackend-amd64
tag: 1.5
pullPolicy: IfNotPresent
runAsUser: 65534
## Compute Resources
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
resources:
# limits:
# cpu: 10m
# memory: 16Mi
requests:
cpu: 10m
memory: 16Mi
## Horizontal Pod Scaler
## Only to be used with Deployment kind
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## Custom metrics (example)
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
# custom:
# - type: Pods
# pods:
# metricName: haproxy_backend_current_sessions
# targetAverageValue: 2000
## Listener port configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
containerPort: 8080
## Pod Node assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: {}
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node Affinity for pod-node scheduling constraints
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## Topology spread constraints
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: kubernetes-ingress-kubernetes-ingress-default-backend
# app.kubernetes.io/instance: haproxy-ingress
## Additional labels to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# key: value
## Additional annotations to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: value
service:
## Annotations for the default backend service object
annotations: {}
# Use the controller as default backend
# haproxy.org/backend-config-snippet: http-request return status 404
## Service ports
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
port: 8080
## Configure Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
create: true
## Pod PriorityClass
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
## Set additional environment variables
extraEnvs: []
## Set TZ env to configure timezone on controller containers
# - name: TZ
# value: "Etc/UTC"
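
Review bot: under `controller.service`, the defaults `type: NodePort` and `enablePorts.stat: true` publish the stat port (1024, the one the ServiceMonitor scrapes at `/metrics`) on every node alongside http and https. Consider defaulting `enablePorts.stat` to `false`, or documenting next to it that the port should be enabled only when access to it is restricted by firewall rules or a network policy. Smaller points: `defaultBackend.image.tag: 1.5` is unquoted and parses as a YAML float, so quote it as the controller tag is; `PodDisruptionBudget.enable` breaks the `enabled` naming used by the other toggles; and the comments contain typos (`envionments`, `cheduling`, and `Node: requires serviceMonitor enabled` where `Note:` is meant).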

View File

@ -1271,6 +1271,35 @@ entries:
- assets/gluu/gluu-5.0.0.tgz
version: 5.0.0
haproxy:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/release-name: haproxy
apiVersion: v2
appVersion: 1.7.2
created: "2021-12-01T06:05:02.1395065Z"
description: A Helm chart for HAProxy Kubernetes Ingress Controller
digest: 5602dfdc7ab70a671bbfeac6594bb6d6844e18eca65e1d45bfc03e6446df1ec0
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.17.0-0'
maintainers:
- email: mmhedhbi@haproxy.com
name: Moemen Mhedhbi
- email: bassmann@haproxy.com
name: Baptiste Assmann
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
type: application
urls:
- assets/haproxy/haproxy-1.17.1000.tgz
version: 1.17.1000
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
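
Review bot: the `digest` on the new `haproxy` entry cannot be checked from this diff because the packaged archive appears only as a binary file; before merging, recompute the SHA-256 of `assets/haproxy/haproxy-1.17.1000.tgz` and compare it with the value recorded here. It is also worth confirming in the commit message that `version: 1.17.1000` is the intended repository encoding of the 1.17.10 chart named in the commit title, with `appVersion: 1.7.2` as the controller image version.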