apiVersion: apps/v1 kind: Deployment metadata: name: cpx-ingress spec: selector: matchLabels: app: cpx-ingress replicas: 1 template: metadata: name: cpx-ingress labels: app: cpx-ingress annotations: spec: serviceAccountName: cpx-ingress-k8s-role containers: - name: cpx-ingress image: "{{ .Values.image }}" imagePullPolicy: {{ .Values.pullPolicy }} securityContext: privileged: true env: - name: "EULA" value: "{{ .Values.license.accept }}" - name: "KUBERNETES_TASK_ID" value: "" {{- if .Values.ADMSettings.licenseServerIP }} - name: "LS_IP" value: {{ .Values.ADMSettings.licenseServerIP | quote }} {{- end }} {{- if .Values.ADMSettings.licenseServerPort }} - name: "LS_PORT" value: {{ .Values.ADMSettings.licenseServerPort | quote }} {{- end }} - name: "MGMT_HTTP_PORT" value: {{ .Values.mgmtHttpPort | quote }} - name: "MGMT_HTTPS_PORT" value: {{ .Values.mgmtHttpsPort | quote }} {{- if .Values.ADMSettings.ADMIP }} - name: "NS_MGMT_SERVER" value: {{ .Values.ADMSettings.ADMIP | quote }} - name: "NS_MGMT_FINGER_PRINT" value: {{ .Values.ADMSettings.ADMFingerPrint | quote }} - name: "NS_HTTP_PORT" value: {{ .Values.mgmtHttpPort | quote }} - name: "NS_HTTPS_PORT" value: {{ .Values.mgmtHttpsPort | quote }} - name: "LOGSTREAM_COLLECTOR_IP" value: {{ .Values.ADMSettings.ADMIP | quote }} {{- end }} #To povision bandwidth based licensing to Citrix ADC CPX from ADM, needs bandwidth {{- if and ( .Values.ADMSettings.licenseServerIP ) (eq .Values.ADMSettings.bandWidthLicense true) }} - name: "BANDWIDTH" value: {{ required "Mention bandwidth for bandwidth based licensing" .Values.ADMSettings.bandWidth | quote }} {{- end }} #for multiple-PE support, need to set CPX_CORES {{- if .Values.ADMSettings.licenseServerIP }} {{- if or (eq .Values.ADMSettings.vCPULicense true) (eq .Values.ADMSettings.bandWidthLicense true) }} - name: "CPX_CORES" value: {{ .Values.ADMSettings.cpxCores | default 1 | quote }} {{- end }} {{- end }} {{- if or (.Values.ADMSettings.ADMIP) (.Values.ADMSettings.licenseServerIP) }} - name: NS_MGMT_USER valueFrom: secretKeyRef: name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} key: username - name: NS_MGMT_PASS valueFrom: secretKeyRef: name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }} key: password {{- end }} volumeMounts: - mountPath: /cpx/conf/ name: cpx-volume1 - mountPath: /cpx/crash/ name: cpx-volume2 {{- if .Values.cic.required }} # Add cic as a sidecar - name: cic image: "{{ .Values.cic.image }}" imagePullPolicy: {{ .Values.cic.pullPolicy }} env: - name: "EULA" value: "{{ .Values.license.accept }}" - name: "NS_IP" value: "127.0.0.1" - name: "NS_APPS_NAME_PREFIX" value: {{ .Values.nsNamespace | default "k8s"}} - name: "NS_DEPLOYMENT_MODE" value: "SIDECAR" - name: "NS_ENABLE_MONITORING" value: "YES" - name: "NS_USER" valueFrom: secretKeyRef: name: cpxlogin key: username - name: "NS_PASSWORD" valueFrom: secretKeyRef: name: cpxlogin key: password {{- if .Values.logProxy }} - name: "NS_LOGPROXY" value: {{ .Values.logProxy | quote }} {{- end }} - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace {{- if .Values.kubernetesURL }} - name: "kubernetes_url" value: "{{ .Values.kubernetesURL }}" {{- end }} args: - --configmap {{ .Release.Namespace }}/cpx-cic-configmap {{- if .Values.ingressClass }} - --ingress-class {{- range .Values.ingressClass}} {{.}} {{- end }} {{- end }} {{- if .Values.defaultSSLCert }} - --default-ssl-certificate {{ .Release.Namespace }}/{{ .Values.defaultSSLCert }} {{- end }} {{- end }} {{- if .Values.exporter.required }} - name: exporter image: "{{ .Values.exporter.image }}" imagePullPolicy: {{ .Values.exporter.pullPolicy }} args: - "--secure=no" - "--target-nsip=127.0.0.1" - "--port={{ .Values.exporter.ports.containerPort }}" env: - name: "NS_USER" valueFrom: secretKeyRef: name: cpxlogin key: username - name: "NS_PASSWORD" valueFrom: secretKeyRef: name: cpxlogin key: password securityContext: readOnlyRootFilesystem: true {{- end }} volumes: - name: cpx-volume1 emptyDir: {} - name: cpx-volume2 emptyDir: {} {{- if and .Values.nodeSelector.key .Values.nodeSelector.value }} nodeSelector: {{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }} {{- end }} --- apiVersion: v1 kind: Service metadata: name: cpx-service labels: app: cpx-service service-type: citrix-adc-cpx-monitor spec: type: NodePort ports: - port: 80 protocol: TCP name: http - port: 443 protocol: TCP name: https {{- if .Values.exporter.required }} - port: {{ .Values.exporter.ports.containerPort }} targetPort: {{ .Values.exporter.ports.containerPort }} name: exporter-port {{- end }} selector: app: cpx-ingress --- {{- if .Values.exporter.required }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: citrix-adc-cpx-servicemonitor labels: servicemonitor: citrix-adc-cpx spec: endpoints: - interval: 30s port: exporter-port selector: matchLabels: service-type: citrix-adc-cpx-monitor namespaceSelector: matchNames: - monitoring - default - {{ .Release.Namespace }} {{- end }}