635 lines
22 KiB
YAML
635 lines
22 KiB
YAML
# Copyright 2019 HAProxy Technologies LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## Default values for kubernetes-ingress Chart for HAProxy Ingress Controller
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
|
|
|
|
podSecurityPolicy:
|
|
annotations: {}
|
|
## Specify pod annotations
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
|
##
|
|
# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
|
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
|
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
|
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
|
|
enabled: false
|
|
|
|
## Enable RBAC Authorization
|
|
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
|
|
rbac:
|
|
create: true
|
|
|
|
## Create namespace
|
|
## https://kubernetes.io/docs/tasks/administer-cluster/namespaces-walkthrough/
|
|
namespace:
|
|
create: false
|
|
|
|
## Configure Service Account
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccount:
|
|
create: true
|
|
name:
|
|
|
|
## AWS Market Place integration
|
|
## Allows installation of the HAPEE Ingress Controller on AWS EKS and EKS-Anywhere.
|
|
## ref: https://docs.aws.amazon.com/marketplace/latest/userguide/container-anywhere-license-manager-integration.html
|
|
aws:
|
|
## Name of the Secret deployed in the desired namespace containing the AWS license files
|
|
licenseConfigSecretName: ""
|
|
|
|
## Controller default values
|
|
controller:
|
|
name: controller
|
|
image:
|
|
repository: haproxytech/kubernetes-ingress # can be changed to use CE or EE Controller images
|
|
tag: "{{ .Chart.AppVersion }}"
|
|
pullPolicy: IfNotPresent
|
|
|
|
## Deployment or DaemonSet pod mode
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
|
|
kind: Deployment # can be 'Deployment' or 'DaemonSet'
|
|
replicaCount: 2
|
|
|
|
## minReadySeconds setting of Deployment or DaemonSet
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds
|
|
minReadySeconds: 0
|
|
|
|
## Running container without root privileges
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
unprivileged: true
|
|
|
|
## Restricts container syscalls
|
|
## ref: https://kubernetes.io/docs/tutorials/security/seccomp/
|
|
enableRuntimeDefaultSeccompProfile: true
|
|
|
|
## Init Containers
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
initContainers: []
|
|
# - name: sysctl
|
|
# image: "busybox:musl"
|
|
# command:
|
|
# - /bin/sh
|
|
# - -c
|
|
# - sysctl -w net.core.somaxconn=65536
|
|
# securityContext:
|
|
# privileged: true
|
|
|
|
## Pod termination grace period
|
|
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
|
|
terminationGracePeriodSeconds: 60
|
|
|
|
## Private Registry configuration
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
imageCredentials:
|
|
registry: null
|
|
username: null
|
|
password: null
|
|
existingImagePullSecret: null
|
|
|
|
## Controller Container listener port configuration
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
|
|
containerPort:
|
|
http: 8080
|
|
https: 8443
|
|
stat: 1024
|
|
|
|
## Controller Container liveness/readiness probe configuration
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
httpGet:
|
|
path: /healthz
|
|
port: 1042
|
|
scheme: HTTP
|
|
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
httpGet:
|
|
path: /healthz
|
|
port: 1042
|
|
scheme: HTTP
|
|
|
|
startupProbe:
|
|
failureThreshold: 20
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 1
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
httpGet:
|
|
path: /healthz
|
|
port: 1042
|
|
scheme: HTTP
|
|
|
|
## IngressClass:
|
|
## Ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/ingressclass.md
|
|
|
|
# k8s >= 1.18: IngressClass resource used, in multi-ingress environments, to select ingress resources to implement.
|
|
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
|
|
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
|
|
# Note: Uses ingressClass as name for the Ingress Class object if enabled
|
|
ingressClassResource:
|
|
name: haproxy
|
|
default: false
|
|
parameters: {}
|
|
|
|
# k8s < 1.18: Ingress Class used, in multi-ingress environments, for ingress.class annotation to select ingress resources to implement.
|
|
# k8s >= 1.18: Ingress Class used to target specific HAProxy Ingress Controller in multi-ingress envionments
|
|
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers
|
|
ingressClass: haproxy # typically "haproxy" or null to receive all events
|
|
|
|
## Additional labels to add to the deployment or daemonset metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
extraLabels: {}
|
|
# key: value
|
|
|
|
## Additional labels to add to the pod container metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
podLabels: {}
|
|
# key: value
|
|
|
|
## Additional annotations to add to the pod container metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
podAnnotations: {}
|
|
# key: value
|
|
|
|
## Allows to enable/disable environment variables for finding services
|
|
## ref: https://kubernetes.io/docs/tutorials/services/connect-applications-service/#accessing-the-service
|
|
## Note: Possible performance issues in large clusters: https://github.com/kubernetes/kubernetes/issues/92615
|
|
enableServiceLinks: true
|
|
|
|
## Ingress TLS secret, if it is enabled and secret is null then controller will use auto-generated secret, otherwise
|
|
## secret needs to contain name of the Secret object which has been created manually
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
|
|
defaultTLSSecret:
|
|
enabled: true
|
|
secretNamespace: "{{ .Release.Namespace }}"
|
|
secret: null
|
|
|
|
## Compute Resources for controller container
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
resources:
|
|
# limits:
|
|
# cpu: 250m
|
|
# memory: 400Mi
|
|
requests:
|
|
cpu: 250m
|
|
memory: 400Mi
|
|
|
|
## Horizontal Pod Scaler
|
|
## Only to be used with Deployment kind
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 2
|
|
maxReplicas: 20
|
|
targetCPUUtilizationPercentage: 80
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
## HPA annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
annotations: {}
|
|
# annotationKey: value
|
|
|
|
## Custom metrics (example)
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
|
|
# custom:
|
|
# - type: Pods
|
|
# pods:
|
|
# metricName: haproxy_backend_current_sessions
|
|
# targetAverageValue: 2000
|
|
|
|
## Kubernetes Event-driven Autoscaling: KEDA 2.x
|
|
## ref: https://keda.sh/docs/2.3/concepts/scaling-deployments/
|
|
## Note: mutually exclusive with HPA, enabling KEDA disables HPA
|
|
## Node: requires serviceMonitor enabled
|
|
keda:
|
|
enabled: false
|
|
minReplicas: 2
|
|
maxReplicas: 20
|
|
pollingInterval: 30
|
|
cooldownPeriod: 300
|
|
restoreToOriginalReplicaCount: false
|
|
scaledObject:
|
|
annotations: {}
|
|
behavior: {}
|
|
# scaleDown:
|
|
# stabilizationWindowSeconds: 300
|
|
# policies:
|
|
# - type: Percent
|
|
# value: 100
|
|
# periodSeconds: 15
|
|
triggers: []
|
|
# - type: prometheus
|
|
# metadata:
|
|
# serverAddress: http://<prometheus-host>:9090
|
|
# metricName: haproxy_process_idle_time_percent
|
|
# threshold: '50'
|
|
# query: avg(100-avg_over_time(haproxy_process_idle_time_percent{container="kubernetes-ingress-controller",service="mytest-kubernetes-ingress"}[2m]))
|
|
|
|
## Pod Disruption Budget
|
|
## Only to be used with Deployment kind
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
PodDisruptionBudget:
|
|
enable: false
|
|
# maxUnavailable: 1
|
|
# minAvailable: 1
|
|
|
|
## Pod Node assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
nodeSelector: {}
|
|
|
|
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node Affinity for pod-node scheduling constraints
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
affinity: {}
|
|
|
|
## Topology spread constraints (only used in kind: Deployment)
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
|
topologySpreadConstraints: []
|
|
# - maxSkew: 1
|
|
# topologyKey: kubernetes.io/zone
|
|
# whenUnsatisfiable: DoNotSchedule
|
|
# labelSelector:
|
|
# matchLabels:
|
|
# app.kubernetes.io/name: kubernetes-ingress
|
|
# app.kubernetes.io/instance: kubernetes-ingress
|
|
|
|
## Pod DNS Config
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
|
|
dnsConfig: {}
|
|
|
|
## Pod DNS Policy
|
|
## Change this to ClusterFirstWithHostNet in case you have useHostNetwork set to true
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
|
|
dnsPolicy: ClusterFirst
|
|
|
|
## Additional command line arguments to pass to Controller
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
|
|
extraArgs: []
|
|
# - --namespace-whitelist=default
|
|
# - --namespace-whitelist=namespace1
|
|
# - --namespace-blacklist=namespace2
|
|
|
|
## Custom configuration for Controller
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
|
|
config: {}
|
|
# timeout-connect: "250ms"
|
|
# servers-increment: "10"
|
|
# servers-increment-max-disabled: "10"
|
|
# rate-limit: "ON"
|
|
# rate-limit-expire: "1m"
|
|
# rate-limit-interval: "10s"
|
|
# rate-limit-size: "100k"
|
|
|
|
## Extra annotation for custom configmap for Controller
|
|
configAnnotations: {}
|
|
# annotationKey: value
|
|
|
|
## Controller Logging configuration
|
|
logging:
|
|
## Controller logging level
|
|
## This only relevant to Controller logs
|
|
level: info
|
|
|
|
## HAProxy traffic logs
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation#logging
|
|
traffic: {}
|
|
# address: "stdout"
|
|
# format: "raw"
|
|
# facility: "daemon"
|
|
|
|
## Mirrors the address of the service's endpoints to the
|
|
## load-balancer status of all Ingress objects it satisfies.
|
|
publishService:
|
|
enabled: true
|
|
##
|
|
## Override of the publish service
|
|
## Must be <namespace>/<service_name>
|
|
pathOverride: ""
|
|
|
|
## Controller Service configuration
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
service:
|
|
enabled: true # set to false when controller.kind is 'DaemonSet' and controller.daemonset.useHostPorts is true
|
|
|
|
type: NodePort # can be 'ClusterIP', 'NodePort' or 'LoadBalancer'
|
|
|
|
## Service annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
annotations: {}
|
|
|
|
## Service labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
labels: {}
|
|
|
|
## Health check node port
|
|
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
healthCheckNodePort: 0
|
|
|
|
## Service nodePorts to use for http, https and stat
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
## If empty, random ports will be used
|
|
nodePorts: {}
|
|
# http: 31080
|
|
# https: 31443
|
|
# stat: 31024
|
|
|
|
## Service ports to use for http, https and stat
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
ports:
|
|
http: 80
|
|
https: 443
|
|
stat: 1024
|
|
|
|
## The controller service ports for http, https and stat can be disabled by
|
|
## setting below to false - this could be useful when only deploying haproxy
|
|
## as a TCP loadbalancer
|
|
## Note: At least one port (http, https, stat or from tcpPorts) has to be enabled
|
|
enablePorts:
|
|
http: true
|
|
https: true
|
|
stat: true
|
|
|
|
## Target port mappings for http, https and stat
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
targetPorts:
|
|
http: http
|
|
https: https
|
|
stat: stat
|
|
|
|
## Additional tcp ports to expose
|
|
## This is especially useful for TCP services:
|
|
## https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
|
|
tcpPorts: []
|
|
# - name: http-alt
|
|
# port: 8080
|
|
# targetPort: http-alt
|
|
# nodePort: 32080
|
|
|
|
## Set external traffic policy
|
|
## Default is "Cluster", setting it to "Local" preserves source IP
|
|
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
|
|
# externalTrafficPolicy: "Local"
|
|
|
|
## Expose service via external IPs that route to one or more cluster nodes
|
|
externalIPs: []
|
|
|
|
## LoadBalancer IP
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
|
|
loadBalancerIP: ""
|
|
|
|
## Source IP ranges permitted to access Network Load Balancer
|
|
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
|
|
loadBalancerSourceRanges: []
|
|
|
|
## Service ClusterIP
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
# clusterIP: ""
|
|
|
|
## Service session affinity
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
# sessionAffinity: ""
|
|
|
|
## Controller DaemonSet configuration
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
|
|
daemonset:
|
|
useHostNetwork: false # also modify dnsPolicy accordingly
|
|
useHostPort: false
|
|
hostPorts:
|
|
http: 80
|
|
https: 443
|
|
stat: 1024
|
|
|
|
## Controller deployment strategy definition
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
|
strategy: {}
|
|
# rollingUpdate:
|
|
# maxSurge: 25%
|
|
# maxUnavailable: 25%
|
|
# type: RollingUpdate
|
|
|
|
## Controller Pod PriorityClass
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
|
|
priorityClassName: ""
|
|
|
|
## Pod runtime class name
|
|
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
|
|
runtimeClassName: ""
|
|
|
|
## Controller container lifecycle handlers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
|
|
lifecycle: {}
|
|
## Example preStop for graceful shutdown
|
|
# preStop:
|
|
# exec:
|
|
# command: ["/bin/sh", "-c", "kill -USR1 $(pidof haproxy); while killall -0 haproxy; do sleep 1; done"]
|
|
|
|
## Set additional environment variables
|
|
extraEnvs: []
|
|
## Set TZ env to configure timezone on controller containers
|
|
# - name: TZ
|
|
# value: "Etc/UTC"
|
|
|
|
## Add additional containers
|
|
extraContainers: []
|
|
## Example sidecar
|
|
# - name: sidecar
|
|
# image: alpine # alpine is a simple Linux OS image
|
|
# command: ["/bin/sh"]
|
|
# args: ["-c", "while true; do date; sleep 5;done"]
|
|
|
|
## Additional volumeMounts to the controller main container
|
|
extraVolumeMounts: []
|
|
## Example empty volume mounts when using securityContext->readOnlyRootFilesystem
|
|
# - name: etc-haproxy
|
|
# mountPath: /etc/haproxy
|
|
# - name: tmp
|
|
# mountPath: /tmp
|
|
# - name: var-state-haproxy
|
|
# mountPath: /var/state/haproxy
|
|
|
|
## Additional volumes to the controller pod
|
|
extraVolumes: []
|
|
## Example empty volumes when using securityContext->readOnlyRootFilesystem
|
|
# - name: etc-haproxy
|
|
# emptyDir: {}
|
|
# - name: tmp
|
|
# emptyDir: {}
|
|
# - name: var-state-haproxy
|
|
# emptyDir: {}
|
|
|
|
## ServiceMonitor
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
|
|
## Note: requires Prometheus Operator to be able to work, for example:
|
|
## helm install prometheus prometheus-community/kube-prometheus-stack \
|
|
## --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
|
|
## --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
|
|
serviceMonitor:
|
|
## Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured
|
|
enabled: false
|
|
|
|
## Specify the labels to add to the ServiceMonitors to be selected for target discovery
|
|
extraLabels: {}
|
|
|
|
## Specify the endpoints
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/design.md#servicemonitor
|
|
endpoints:
|
|
- port: stat
|
|
path: /metrics
|
|
scheme: http
|
|
interval: 30s
|
|
|
|
## Default 404 backend
|
|
defaultBackend:
|
|
enabled: true
|
|
name: default-backend
|
|
replicaCount: 2
|
|
|
|
image:
|
|
repository: k8s.gcr.io/defaultbackend-amd64
|
|
tag: 1.5
|
|
pullPolicy: IfNotPresent
|
|
runAsUser: 65534
|
|
|
|
## Restricts container syscalls
|
|
## ref: https://kubernetes.io/docs/tutorials/security/seccomp/
|
|
enableRuntimeDefaultSeccompProfile: true
|
|
|
|
## Compute Resources
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
resources:
|
|
# limits:
|
|
# cpu: 10m
|
|
# memory: 16Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 16Mi
|
|
|
|
## Horizontal Pod Scaler
|
|
## Only to be used with Deployment kind
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 1
|
|
maxReplicas: 2
|
|
targetCPUUtilizationPercentage: 80
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
## HPA annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
annotations: {}
|
|
# annotationKey: value
|
|
|
|
## Custom metrics (example)
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
|
|
# custom:
|
|
# - type: Pods
|
|
# pods:
|
|
# metricName: haproxy_backend_current_sessions
|
|
# targetAverageValue: 2000
|
|
|
|
## Private Registry configuration
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
imageCredentials:
|
|
registry: null
|
|
username: null
|
|
password: null
|
|
existingImagePullSecret: null
|
|
|
|
## Listener port configuration
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
|
|
containerPort: 8080
|
|
|
|
## Pod Node assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
nodeSelector: {}
|
|
|
|
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node Affinity for pod-node scheduling constraints
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
affinity: {}
|
|
|
|
## Topology spread constraints
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
|
topologySpreadConstraints: []
|
|
# - maxSkew: 1
|
|
# topologyKey: kubernetes.io/zone
|
|
# whenUnsatisfiable: DoNotSchedule
|
|
# labelSelector:
|
|
# matchLabels:
|
|
# app.kubernetes.io/name: kubernetes-ingress-kubernetes-ingress-default-backend
|
|
# app.kubernetes.io/instance: haproxy-ingress
|
|
|
|
## Additional labels to add to the pod container metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
podLabels: {}
|
|
# key: value
|
|
|
|
## Additional annotations to add to the pod container metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
podAnnotations: {}
|
|
# key: value
|
|
|
|
service:
|
|
## Annotations for the default backend service object
|
|
annotations: {}
|
|
# Use the controller as default backend
|
|
# haproxy.org/backend-config-snippet: http-request return status 404
|
|
|
|
## Service ports
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
port: 8080
|
|
|
|
## Configure Service Account
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccount:
|
|
create: true
|
|
|
|
## Pod PriorityClass
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
|
|
priorityClassName: ""
|
|
|
|
## Set additional environment variables
|
|
extraEnvs: []
|
|
## Set TZ env to configure timezone on controller containers
|
|
# - name: TZ
|
|
# value: "Etc/UTC"
|