rancher-partner-charts/charts/citrix-cpx-with-ingress-con.../templates/citrix-k8s-cpx-ingress.yaml

222 lines
6.6 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
name: cpx-ingress
spec:
selector:
matchLabels:
app: cpx-ingress
replicas: 1
template:
metadata:
name: cpx-ingress
labels:
app: cpx-ingress
annotations:
spec:
serviceAccountName: cpx-ingress-k8s-role
containers:
- name: cpx-ingress
image: "{{ .Values.image }}"
imagePullPolicy: {{ .Values.pullPolicy }}
securityContext:
privileged: true
env:
- name: "EULA"
value: "{{ .Values.license.accept }}"
- name: "KUBERNETES_TASK_ID"
value: ""
{{- if .Values.ADMSettings.licenseServerIP }}
- name: "LS_IP"
value: {{ .Values.ADMSettings.licenseServerIP | quote }}
{{- end }}
{{- if .Values.ADMSettings.licenseServerPort }}
- name: "LS_PORT"
value: {{ .Values.ADMSettings.licenseServerPort | quote }}
{{- end }}
- name: "MGMT_HTTP_PORT"
value: {{ .Values.mgmtHttpPort | quote }}
- name: "MGMT_HTTPS_PORT"
value: {{ .Values.mgmtHttpsPort | quote }}
{{- if .Values.ADMSettings.ADMIP }}
- name: "NS_MGMT_SERVER"
value: {{ .Values.ADMSettings.ADMIP | quote }}
- name: "NS_MGMT_FINGER_PRINT"
value: {{ .Values.ADMSettings.ADMFingerPrint | quote }}
- name: "NS_HTTP_PORT"
value: {{ .Values.mgmtHttpPort | quote }}
- name: "NS_HTTPS_PORT"
value: {{ .Values.mgmtHttpsPort | quote }}
- name: "LOGSTREAM_COLLECTOR_IP"
value: {{ .Values.ADMSettings.ADMIP | quote }}
{{- end }}
#To povision bandwidth based licensing to Citrix ADC CPX from ADM, needs bandwidth
{{- if and ( .Values.ADMSettings.licenseServerIP ) (eq .Values.ADMSettings.bandWidthLicense true) }}
- name: "BANDWIDTH"
value: {{ required "Mention bandwidth for bandwidth based licensing" .Values.ADMSettings.bandWidth | quote }}
{{- end }}
#for multiple-PE support, need to set CPX_CORES
{{- if .Values.ADMSettings.licenseServerIP }}
{{- if or (eq .Values.ADMSettings.vCPULicense true) (eq .Values.ADMSettings.bandWidthLicense true) }}
- name: "CPX_CORES"
value: {{ .Values.ADMSettings.cpxCores | default 1 | quote }}
{{- end }}
{{- end }}
{{- if or (.Values.ADMSettings.ADMIP) (.Values.ADMSettings.licenseServerIP) }}
- name: NS_MGMT_USER
valueFrom:
secretKeyRef:
name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }}
key: username
- name: NS_MGMT_PASS
valueFrom:
secretKeyRef:
name: {{ required "Provide Secret for ADM/LicenseServer credentials" .Values.ADMSettings.loginSecret }}
key: password
{{- end }}
volumeMounts:
- mountPath: /cpx/conf/
name: cpx-volume1
- mountPath: /cpx/crash/
name: cpx-volume2
{{- if .Values.cic.required }}
# Add cic as a sidecar
- name: cic
image: "{{ .Values.cic.image }}"
imagePullPolicy: {{ .Values.cic.pullPolicy }}
env:
- name: "EULA"
value: "{{ .Values.license.accept }}"
- name: "NS_IP"
value: "127.0.0.1"
- name: "NS_APPS_NAME_PREFIX"
value: {{ .Values.nsNamespace | default "k8s"}}
- name: "NS_DEPLOYMENT_MODE"
value: "SIDECAR"
- name: "NS_ENABLE_MONITORING"
value: "YES"
- name: "NS_USER"
valueFrom:
secretKeyRef:
name: cpxlogin
key: username
- name: "NS_PASSWORD"
valueFrom:
secretKeyRef:
name: cpxlogin
key: password
{{- if .Values.logProxy }}
- name: "NS_LOGPROXY"
value: {{ .Values.logProxy | quote }}
{{- end }}
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
{{- if .Values.kubernetesURL }}
- name: "kubernetes_url"
value: "{{ .Values.kubernetesURL }}"
{{- end }}
args:
- --configmap
{{ .Release.Namespace }}/cpx-cic-configmap
{{- if .Values.ingressClass }}
- --ingress-class
{{- range .Values.ingressClass}}
{{.}}
{{- end }}
{{- end }}
{{- if .Values.defaultSSLCert }}
- --default-ssl-certificate
{{ .Release.Namespace }}/{{ .Values.defaultSSLCert }}
{{- end }}
{{- end }}
{{- if .Values.exporter.required }}
- name: exporter
image: "{{ .Values.exporter.image }}"
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
args:
- "--secure=no"
- "--target-nsip=127.0.0.1"
- "--port={{ .Values.exporter.ports.containerPort }}"
env:
- name: "NS_USER"
valueFrom:
secretKeyRef:
name: cpxlogin
key: username
- name: "NS_PASSWORD"
valueFrom:
secretKeyRef:
name: cpxlogin
key: password
securityContext:
readOnlyRootFilesystem: true
{{- end }}
volumes:
- name: cpx-volume1
emptyDir: {}
- name: cpx-volume2
emptyDir: {}
{{- if and .Values.nodeSelector.key .Values.nodeSelector.value }}
nodeSelector:
{{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: cpx-service
labels:
app: cpx-service
service-type: citrix-adc-cpx-monitor
spec:
type: NodePort
ports:
- port: 80
protocol: TCP
name: http
- port: 443
protocol: TCP
name: https
{{- if .Values.exporter.required }}
- port: {{ .Values.exporter.ports.containerPort }}
targetPort: {{ .Values.exporter.ports.containerPort }}
name: exporter-port
{{- end }}
selector:
app: cpx-ingress
---
{{- if .Values.exporter.required }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: citrix-adc-cpx-servicemonitor
labels:
servicemonitor: citrix-adc-cpx
spec:
endpoints:
- interval: 30s
port: exporter-port
selector:
matchLabels:
service-type: citrix-adc-cpx-monitor
namespaceSelector:
matchNames:
- monitoring
- default
- {{ .Release.Namespace }}
{{- end }}