andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/f5/nginx-ingress/1.3.2/templates/controller-daemonset.yaml

180 lines
6.2 KiB
YAML
Raw Blame History

{{- if eq .Values.controller.kind "daemonset" }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "nginx-ingress.controller.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
{{- if .Values.controller.annotations }}
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "nginx-ingress.podLabels" . | nindent 8 }}
{{- if or .Values.prometheus.create .Values.controller.pod.annotations }}
annotations:
{{- if .Values.prometheus.create }}
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.prometheus.port }}"
prometheus.io/scheme: "{{ .Values.prometheus.scheme }}"
{{- end }}
{{- if .Values.controller.pod.annotations }}
{{ toYaml .Values.controller.pod.annotations | indent 8 }}
{{- end }}
{{- end }}
spec:
serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }}
automountServiceAccountToken: true
securityContext:
{{ toYaml .Values.controller.podSecurityContext | indent 8 }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{ toYaml .Values.controller.tolerations | indent 6 }}
{{- end }}
{{- if .Values.controller.affinity }}
affinity:
{{ toYaml .Values.controller.affinity | indent 8 }}
{{- end }}
{{- include "nginx-ingress.volumes" . | indent 6 }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
hostNetwork: {{ .Values.controller.hostNetwork }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.shareProcessNamespace }}
shareProcessNamespace: true
{{- end }}
containers:
- name: {{ include "nginx-ingress.name" . }}
image: {{ include "nginx-ingress.image" . }}
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
{{- if .Values.controller.lifecycle }}
lifecycle:
{{ toYaml .Values.controller.lifecycle | indent 10 }}
{{- end }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if and $.Values.controller.hostPort.enable (index $.Values.controller.hostPort $key) }}
hostPort: {{ index $.Values.controller.hostPort $key }}
{{- end }}
{{- end }}
{{ if .Values.controller.customPorts }}
{{ toYaml .Values.controller.customPorts | indent 8 }}
{{ end }}
{{- if .Values.prometheus.create }}
- name: prometheus
containerPort: {{ .Values.prometheus.port }}
{{- end }}
{{- if .Values.serviceInsight.create }}
- name: service-insight
containerPort: {{ .Values.serviceInsight.port }}
{{- end }}
{{- if .Values.controller.readyStatus.enable }}
- name: readiness-port
containerPort: {{ .Values.controller.readyStatus.port }}
readinessProbe:
httpGet:
path: /nginx-ready
port: readiness-port
periodSeconds: 1
initialDelaySeconds: {{ .Values.controller.readyStatus.initialDelaySeconds }}
{{- end }}
{{- if .Values.controller.securityContext }}
securityContext:
{{ toYaml .Values.controller.securityContext | indent 10 }}
{{- else }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: {{ .Values.controller.readOnlyRootFilesystem }}
runAsUser: 101 #nginx
runAsNonRoot: true
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
{{- include "nginx-ingress.volumeMounts" . | indent 8 }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if .Values.controller.env }}
{{ toYaml .Values.controller.env | indent 8 }}
{{- end }}
{{- if .Values.nginxServiceMesh.enable }}
- name: POD_SERVICEACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
{{- end }}
resources:
{{ toYaml .Values.controller.resources | indent 10 }}
args:
{{- include "nginx-ingress.args" . | nindent 10 }}
{{- if .Values.controller.extraContainers }}
{{ toYaml .Values.controller.extraContainers | nindent 6 }}
{{- end }}
{{- include "nginx-ingress.appprotect.v5" . | nindent 6 }}
{{- if or (eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" ) .Values.controller.initContainers }}
initContainers:
{{- end }}
{{- if eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" }}
- name: init-{{ include "nginx-ingress.name" . }}
image: {{ include "nginx-ingress.image" . }}
imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
command: ['cp', '-vdR', '/etc/nginx/.', '/mnt/etc']
{{- if .Values.controller.initContainerResources }}
resources:
{{ toYaml .Values.controller.initContainerResources | indent 10 }}
{{- end }}
{{- if .Values.controller.initContainerSecurityContext }}
securityContext:
{{ toYaml .Values.controller.initContainerSecurityContext | indent 10 }}
{{- else }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 101 #nginx
runAsNonRoot: true
capabilities:
drop:
- ALL
{{- end }}
volumeMounts:
- mountPath: /mnt/etc
name: nginx-etc
{{- end }}
{{- if .Values.controller.initContainers }}
{{ toYaml .Values.controller.initContainers | indent 6 }}
{{- end }}
{{- if .Values.controller.strategy }}
updateStrategy:
{{ toYaml .Values.controller.strategy | indent 4 }}
{{- end }}
{{- if .Values.controller.minReadySeconds }}
minReadySeconds: {{ .Values.controller.minReadySeconds }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink