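{{- if (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) }}
{{- /*
Rendered only when the server is enabled: server.enabled decides when it is
set explicitly, and global.enabled decides when server.enabled is "-".
Notes inside the data section are template comments rather than "#" comments
because a "#" line inside a block scalar would become part of the JSON.
*/}}
# ConfigMap holding the Consul server configuration, one JSON document per data key.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "consul.fullname" . }}-server-config
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "consul.name" . }}
    chart: {{ template "consul.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    component: server
data:
  {{- /* Base server settings: addresses, bootstrap size, ports and join target. */}}
  server.json: |
    {
      {{- if .Values.global.secretsBackend.vault.enabled }}
      "auto_reload_config": true,
      {{- end }}
      {{- /*
      NOTE(review): bind_addr and client_addr are both 0.0.0.0, so the agent
      listens on every interface in its pod. Presumably reachability is limited
      by the chart's Services and any NetworkPolicy in the cluster; confirm.
      */}}
      "bind_addr": "0.0.0.0",
      "bootstrap_expect": {{ if .Values.server.bootstrapExpect }}{{ .Values.server.bootstrapExpect }}{{ else }}{{ .Values.server.replicas }}{{ end }},
      "client_addr": "0.0.0.0",
      "connect": {
        "enabled": {{ .Values.server.connect }}
      },
      {{- /*
      NOTE(review): datacenter, domain and the other quoted values in this file
      are interpolated as-is, unlike recursors and primary_gateways which go
      through toJson. A double quote or backslash in such a value would render
      invalid JSON; values files are assumed to be trusted operator input.
      */}}
      "datacenter": "{{ .Values.global.datacenter }}",
      "data_dir": "/consul/data",
      "domain": "{{ .Values.global.domain }}",
      "ports": {
        {{- /*
        Exactly one gRPC listener is enabled on 8502: plaintext "grpc" when
        global.tls.enabled is false, "grpc_tls" when it is true. -1 disables
        the other listener.
        */}}
        {{- if not .Values.global.tls.enabled }}
        "grpc": 8502,
        "grpc_tls": -1,
        {{- end }}
        {{- if .Values.global.tls.enabled }}
        "grpc": -1,
        "grpc_tls": 8502,
        {{- end }}
        "serf_lan": {{ .Values.server.ports.serflan.port }}
      },
      "recursors": {{ .Values.global.recursors | toJson }},
      "retry_join": ["{{template "consul.fullname" . }}-server.{{ .Release.Namespace }}.svc:{{ .Values.server.ports.serflan.port }}"],
      {{- if .Values.global.peering.enabled }}
      "peering": {
        "enabled": true
      },
      {{- end }}
      "server": true
    }
  {{- /*
  Vault as the Connect CA provider. The file is written only when the Vault
  secrets backend is enabled and the address, root PKI path and intermediate
  PKI path are all set.
  */}}
  {{- $vaultConnectCAEnabled := and .Values.global.secretsBackend.vault.connectCA.address .Values.global.secretsBackend.vault.connectCA.rootPKIPath .Values.global.secretsBackend.vault.connectCA.intermediatePKIPath -}}
  {{- if and .Values.global.secretsBackend.vault.enabled $vaultConnectCAEnabled }}
  {{- with .Values.global.secretsBackend.vault }}
  connect-ca-config.json: |
    {
      "connect": [
        {
          "ca_config": [
            {
              "address": "{{ .connectCA.address }}",
              {{- /*
              ca_file is written only when a Vault CA secret name and key are
              both configured. NOTE(review): without it, how the Vault server
              certificate is validated is not visible in this file; confirm.
              */}}
              {{- if and .ca.secretName .ca.secretKey }}
              "ca_file": "/consul/vault-ca/tls.crt",
              {{- end }}
              "intermediate_pki_path": "{{ .connectCA.intermediatePKIPath }}",
              "root_pki_path": "{{ .connectCA.rootPKIPath }}",
              "auth_method": {
                "type": "kubernetes",
                "mount_path": "{{ .connectCA.authMethodPath }}",
                "params": {
                  "role": "{{ .consulServerRole }}"
                }
              }
            }
          ],
          "ca_provider": "vault"
        }
      ]
    }
  {{- /*
  connectCA.additionalConfig is passed through tpl with the root context, has
  surrounding double quotes trimmed and is emitted verbatim. The tpl line stays
  at column 0 because "indent 4" supplies the block-scalar indentation.
  */}}
  {{- if .connectCA.additionalConfig }}
  additional-connect-ca-config.json: |
{{ tpl .connectCA.additionalConfig $ | trimAll "\"" | indent 4 }}
  {{- end }}
  {{- end }}
  {{- end }}
  {{- /*
  server.extraConfig is passed through tpl, so template actions inside it are
  evaluated against the chart's root context, and the result is emitted
  verbatim. NOTE(review): this file can carry arbitrary agent settings; whether
  they take precedence over the ACL and TLS files below depends on the agent's
  config load order, which is not visible here. Review extraConfig changes with
  the same care as changes to this template.
  */}}
  extra-from-values.json: |-
{{ tpl .Values.server.extraConfig . | trimAll "\"" | indent 4 }}
  {{- /*
  ACL settings, written only when the chart manages system ACLs. default_policy
  "deny" rejects anything no policy allows; down_policy "extend-cache" keeps
  using cached ACLs when they cannot be refreshed. Token replication is turned
  on only when a replication token secret name and key are both set.
  NOTE(review): enable_token_persistence is documented by Consul as persisting
  API-set tokens to disk, presumably under data_dir, so the data volume should
  be handled as secret material; confirm.
  */}}
  {{- if .Values.global.acls.manageSystemACLs }}
  acl-config.json: |-
    {
      "acl": {
        "enabled": true,
        "default_policy": "deny",
        "down_policy": "extend-cache",
        {{- if (and .Values.global.acls.replicationToken.secretName .Values.global.acls.replicationToken.secretKey) }}
        "enable_token_replication": true,
        {{- end }}
        "enable_token_persistence": true
      }
    }
  {{- end }}
  {{- if .Values.global.tls.enabled }}
  tls-config.json: |-
    {
      "tls": {
        {{- /*
        With global.tls.verify set, internal RPC verifies incoming certificates
        and server hostnames, and outgoing connections are verified. The gRPC
        listener keeps verify_incoming false, so no client certificate is
        required there. NOTE(review): presumably gRPC callers are authorized by
        ACL token instead; confirm ACLs are enabled wherever that is relied on.
        With global.tls.verify unset none of the verify settings are written
        and Consul's defaults apply.
        */}}
        {{- if .Values.global.tls.verify }}
        "internal_rpc": {
          "verify_incoming": true,
          "verify_server_hostname": true
        },
        "grpc": {
          "verify_incoming": false
        },
        {{- end }}
        "defaults": {
          {{- if .Values.global.tls.verify }}
          "verify_outgoing": true,
          {{- end }}
          {{- /* Certificate material comes from the Vault paths when the Vault backend is enabled, otherwise from the mounted TLS paths. */}}
          {{- if .Values.global.secretsBackend.vault.enabled }}
          "ca_file": "/vault/secrets/serverca.crt",
          "cert_file": "/vault/secrets/servercert.crt",
          "key_file": "/vault/secrets/servercert.key"
          {{- else }}
          "ca_file": "/consul/tls/ca/tls.crt",
          "cert_file": "/consul/tls/server/tls.crt",
          "key_file": "/consul/tls/server/tls.key"
          {{- end }}
        }
      },
      {{- if .Values.global.tls.enableAutoEncrypt }}
      "auto_encrypt": {
        "allow_tls": true
      },
      {{- end }}
      "ports": {
        {{- /*
        The plaintext HTTP API is disabled only when global.tls.httpsOnly is
        set. Otherwise the http port is left unset here, so it stays at the
        agent's default alongside HTTPS on 8501.
        */}}
        {{- if .Values.global.tls.httpsOnly }}
        "http": -1,
        {{- end }}
        "https": 8501
      }
    }
  {{- end }}
  {{- /*
  UI settings. The metrics provider and proxy are written when ui.metrics.enabled
  is "true", or when it is "-" and global.metrics.enabled is set.
  */}}
  {{- if .Values.ui.enabled }}
  ui-config.json: |-
    {
      "ui_config": {
        {{- if (or (eq "true" (.Values.ui.metrics.enabled | toString) ) (and .Values.global.metrics.enabled (eq "-" (.Values.ui.metrics.enabled | toString)))) }}
        "metrics_provider": "{{ .Values.ui.metrics.provider }}",
        "metrics_proxy": {
          "base_url": "{{ .Values.ui.metrics.baseURL }}"
        },
        {{- end }}
        {{- if .Values.ui.dashboardURLTemplates.service }}
        "dashboard_url_templates": {
          "service": "{{ .Values.ui.dashboardURLTemplates.service }}"
        },
        {{- end }}
        "enabled": true
      }
    }
  {{- end }}
  {{- /* Always written: turns on central service configuration. */}}
  central-config.json: |-
    {
      "enable_central_service_config": true
    }
  {{- /* WAN federation through mesh gateways, written only when global.federation.enabled is set. */}}
  {{- if .Values.global.federation.enabled }}
  federation-config.json: |-
    {
      "primary_datacenter": "{{ .Values.global.federation.primaryDatacenter }}",
      "primary_gateways": {{ .Values.global.federation.primaryGateways | toJson }},
      "connect": {
        "enable_mesh_gateway_wan_federation": true
      }
    }
  {{- end }}
  {{- /* Prometheus retention, written only when both global metrics and agent metrics are enabled. */}}
  {{- if (and .Values.global.metrics.enabled .Values.global.metrics.enableAgentMetrics) }}
  telemetry-config.json: |-
    {
      "telemetry": {
        "prometheus_retention_time": "{{ .Values.global.metrics.agentMetricsRetentionTime }}"
      }
    }
  {{- end }}
{{- end }}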