265 lines
7.8 KiB
YAML
265 lines
7.8 KiB
YAML
{{- if .Values.openshift }}
|
|
apiVersion: apps.openshift.io/v1
|
|
kind: DeploymentConfig
|
|
{{- else }}
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
{{- end }}
|
|
metadata:
|
|
name: {{ include "citrix-ingress-controller.fullname" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
spec:
|
|
selector:
|
|
{{- if .Values.openshift }}
|
|
router: {{ include "citrix-ingress-controller.fullname" . }}
|
|
{{- else }}
|
|
matchLabels:
|
|
app: {{ include "citrix-ingress-controller.fullname" . }}
|
|
{{- end }}
|
|
replicas: 1
|
|
{{- if .Values.openshift }}
|
|
strategy:
|
|
resources: {}
|
|
rollingParams:
|
|
intervalSeconds: 1
|
|
maxSurge: 0
|
|
maxUnavailable: 25%
|
|
timeoutSeconds: 600
|
|
updatePeriodSeconds: 1
|
|
type: Rolling
|
|
{{- end }}
|
|
template:
|
|
metadata:
|
|
name: cic
|
|
labels:
|
|
{{- if .Values.openshift }}
|
|
router: {{ include "citrix-ingress-controller.fullname" . }}
|
|
{{- else }}
|
|
app: {{ include "citrix-ingress-controller.fullname" . }}
|
|
{{- end }}
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
serviceAccountName: {{ include "citrix-ingress-controller.serviceAccountName" . }}
|
|
containers:
|
|
- name: cic
|
|
image: "{{ tpl .Values.image . }}"
|
|
imagePullPolicy: {{ .Values.pullPolicy }}
|
|
args:
|
|
- --configmap
|
|
{{ .Release.Namespace }}/{{ include "cicconfigmap.fullname" . }}
|
|
{{- if .Values.defaultSSLCertSecret }}
|
|
- --default-ssl-certificate
|
|
{{ .Release.Namespace }}/{{ .Values.defaultSSLCertSecret }}
|
|
{{- end }}
|
|
{{- if .Values.ingressClass }}
|
|
- --ingress-classes
|
|
{{- range .Values.ingressClass}}
|
|
{{.}}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.serviceClass }}
|
|
- --service-classes
|
|
{{- range .Values.serviceClass}}
|
|
{{.}}
|
|
{{- end }}
|
|
{{- end }}
|
|
- --feature-node-watch
|
|
{{ .Values.nodeWatch }}
|
|
- --enable-cnc-pbr
|
|
{{ .Values.cncPbr }}
|
|
{{- if .Values.ipam }}
|
|
- --ipam
|
|
citrix-ipam-controller
|
|
{{- end }}
|
|
{{- if .Values.disableAPIServerCertVerify }}
|
|
- --disable-apiserver-cert-verify
|
|
{{ .Values.disableAPIServerCertVerify }}
|
|
{{- end }}
|
|
{{- if .Values.updateIngressStatus }}
|
|
- --update-ingress-status
|
|
yes
|
|
{{- end }}
|
|
env:
|
|
- name: "NS_IP"
|
|
value: "{{ .Values.nsIP }}"
|
|
{{- if .Values.nsVIP }}
|
|
- name: "NS_VIP"
|
|
value: "{{ .Values.nsVIP }}"
|
|
{{- end }}
|
|
{{- if .Values.rbacRole }}
|
|
- name: "SCOPE"
|
|
value: "local"
|
|
{{- end }}
|
|
{{- if .Values.nitroReadTimeout }}
|
|
- name: "NS_NITRO_READ_TIMEOUT"
|
|
value: "{{ .Values.nitroReadTimeout }}"
|
|
{{- end }}
|
|
- name: "NS_USER"
|
|
{{- if and .Values.secretStore.enabled .Values.secretStore.username}}
|
|
{{- toYaml .Values.secretStore.username | nindent 10 }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.adcCredentialSecret }}
|
|
key: username
|
|
{{- end }}
|
|
- name: "NS_PASSWORD"
|
|
{{- if and .Values.secretStore.enabled .Values.secretStore.password}}
|
|
{{- toYaml .Values.secretStore.password | nindent 10 }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.adcCredentialSecret }}
|
|
key: password
|
|
{{- end }}
|
|
- name: "EULA"
|
|
value: "{{ .Values.license.accept }}"
|
|
{{- if and .Values.openshift .Values.routeLabels }}
|
|
- name: "ROUTE_LABELS"
|
|
value: {{ .Values.routeLabels | quote}}
|
|
{{- end }}
|
|
{{- if and .Values.openshift .Values.namespaceLabels }}
|
|
- name: "NAMESPACE_LABELS"
|
|
value: {{ .Values.namespaceLabels | quote }}
|
|
{{- end }}
|
|
- name: "NS_APPS_NAME_PREFIX"
|
|
value: {{ .Values.entityPrefix | default "k8s"| quote }}
|
|
{{- if .Values.kubernetesURL }}
|
|
- name: "kubernetes_url"
|
|
value: "{{ .Values.kubernetesURL }}"
|
|
{{- end }}
|
|
{{- if .Values.clusterName }}
|
|
- name: "CLUSTER_NAME"
|
|
value: "{{ .Values.clusterName }}"
|
|
{{- end }}
|
|
{{- if .Values.logProxy }}
|
|
- name: "NS_LOGPROXY"
|
|
value: "{{ .Values.logProxy }}"
|
|
{{- end }}
|
|
{{- if .Values.disableOpenshiftRoutes }}
|
|
- name: "DISABLE_OPENSHIFT_ROUTES"
|
|
value: "{{ .Values.disableOpenshiftRoutes }}"
|
|
{{- end }}
|
|
{{- if .Values.nsConfigDnsRec }}
|
|
- name: "NS_CONFIG_DNS_REC"
|
|
value: "{{ .Values.nsConfigDnsRec }}"
|
|
{{- end }}
|
|
{{- if .Values.nsSvcLbDnsRec }}
|
|
- name: "NS_SVC_LB_DNS_REC"
|
|
value: "{{ .Values.nsSvcLbDnsRec }}"
|
|
{{- end }}
|
|
{{- if .Values.optimizeEndpointBinding }}
|
|
- name: "OPTIMIZE_ENDPOINT_BINDING"
|
|
value: "{{ .Values.optimizeEndpointBinding }}"
|
|
{{- end }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
{{- if ne (len .Values.extraVolumeMounts) 0 }}
|
|
volumeMounts:
|
|
{{- toYaml .Values.extraVolumeMounts | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.exporter.required }}
|
|
- name: exporter
|
|
image: "{{ tpl .Values.exporter.image . }}"
|
|
imagePullPolicy: {{ .Values.exporter.pullPolicy }}
|
|
args:
|
|
- "--target-nsip={{ .Values.nsIP }}"
|
|
- "--port={{ .Values.exporter.ports.containerPort }}"
|
|
env:
|
|
- name: "NS_USER"
|
|
{{- if and .Values.secretStore.enabled .Values.secretStore.username}}
|
|
{{- toYaml .Values.secretStore.username | nindent 10 }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.adcCredentialSecret }}
|
|
key: username
|
|
{{- end }}
|
|
- name: "NS_PASSWORD"
|
|
{{- if and .Values.secretStore.enabled .Values.secretStore.password}}
|
|
{{- toYaml .Values.secretStore.password | nindent 10 }}
|
|
{{- else }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.adcCredentialSecret }}
|
|
key: password
|
|
{{- end }}
|
|
{{- if ne (len .Values.exporter.extraVolumeMounts) 0 }}
|
|
volumeMounts:
|
|
{{- toYaml .Values.exporter.extraVolumeMounts | nindent 8 }}
|
|
{{- end }}
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
resources:
|
|
{{- toYaml .Values.exporter.resources | nindent 12 }}
|
|
{{- end }}
|
|
{{- if or (and .Values.extraVolumeMounts .Values.extraVolumes) (and .Values.exporter.extraVolumeMounts .Values.extraVolumes) }}
|
|
volumes:
|
|
{{- end }}
|
|
{{- if ne (len .Values.extraVolumes) 0 }}
|
|
{{ toYaml .Values.extraVolumes | indent 6 }}
|
|
{{- end }}
|
|
{{- if and .Values.nodeSelector.key .Values.nodeSelector.value }}
|
|
nodeSelector:
|
|
{{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }}
|
|
{{- end }}
|
|
{{- if .Values.tolerations }}
|
|
tolerations: {{ .Values.tolerations | toYaml | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
|
|
---
|
|
|
|
{{- if .Values.exporter.required }}
|
|
|
|
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: {{ include "exporter.fullname" . }}
|
|
labels:
|
|
app: {{ include "exporter.fullname" . }}
|
|
service-type: {{ include "servicemonitorlabel" . }}
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: {{ .Values.exporter.ports.containerPort }}
|
|
targetPort: {{ .Values.exporter.ports.containerPort }}
|
|
name: exporter-port
|
|
selector:
|
|
{{- if .Values.openshift }}
|
|
router: {{ include "citrix-ingress-controller.fullname" . }}
|
|
{{- else }}
|
|
app: {{ include "citrix-ingress-controller.fullname" . }}
|
|
{{- end }}
|
|
|
|
---
|
|
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: ServiceMonitor
|
|
metadata:
|
|
name: {{ include "servicemonitor.fullname" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
servicemonitor: citrix-adc
|
|
spec:
|
|
endpoints:
|
|
- interval: 30s
|
|
port: exporter-port
|
|
selector:
|
|
matchLabels:
|
|
service-type: {{ include "servicemonitorlabel" . }}
|
|
namespaceSelector:
|
|
matchNames:
|
|
- monitoring
|
|
- default
|
|
- {{ .Release.Namespace }}
|
|
|
|
{{- end }}
|