validate/haproxy-unified
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit
All checks were successful
Build and Publish TechDocs / build-and-publish (push) Successful in 1m15s
Details

Browse Source 
Change-Id: I2e2564a72b6be9af536235fc3795fd788fd9257b
This commit is contained in:
Scaffolder
2026-04-15 15:41:22 +00:00
commit b6460c4ea3
180 changed files with 12299 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
haproxy/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,58 @@
HAProxy has been has been successfully installed. This Chart is used to run HAProxy as a regular application,
as opposed to HAProxy Ingress Controller Chart.
Controller image deployed is: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}".
Your HAProxy app is of a "{{ .Values.kind }}" kind.
Service ports mapped are:
{{- $nodePorts := .Values.service.nodePorts }}
{{- $servicePortType := .Values.service.type }}
{{- if eq .Values.kind "Deployment" }}
{{- range $key, $value := .Values.containerPorts }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if and (hasKey $nodePorts $key) (eq $servicePortType "NodePort") }}
nodePort: {{ get $nodePorts $key }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq .Values.kind "DaemonSet" }}
{{- $hostPorts := .Values.daemonset.hostPorts -}}
{{- $useHostPort := .Values.daemonset.useHostPort -}}
{{- range $key, $value := .Values.containerPorts }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if $useHostPort }}
hostPort: {{ index $hostPorts $key | default $value }}
{{- end }}
{{- if and (hasKey $nodePorts $key) (eq $servicePortType "NodePort") }}
nodePort: {{ get $nodePorts $key }}
{{- end }}
{{- end }}
{{- end }}
To be able to bind to privileged ports as non-root, the following is required:
securityContext:
enabled: true
runAsUser: 1000
runAsGroup: 1000
initContainers:
- name: sysctl
image: "busybox:musl"
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
Node IP can be found with:
$ kubectl --namespace {{ template "haproxy.namespace" . }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}"
For more examples and up to date documentation, please visit:
* Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/main/haproxy
* HAProxy Alpine Docker container documentation: https://github.com/haproxytech/haproxy-docker-alpine
* HAProxy documentation: https://www.haproxy.org/download/2.7/doc/configuration.txt

105
haproxy/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,105 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
Expand the name of the chart.
*/}}
{{- define "haproxy.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "haproxy.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "haproxy.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "haproxy.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "haproxy.labels" -}}
helm.sh/chart: {{ include "haproxy.chart" . }}
{{ include "haproxy.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "haproxy.selectorLabels" -}}
app.kubernetes.io/name: {{ include "haproxy.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "haproxy.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "haproxy.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Create includes name
*/}}
{{- define "haproxy.includes" -}}
{{- printf "%s-%s" (include "haproxy.fullname" .) "includes" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Encode an imagePullSecret string.
*/}}
{{- define "haproxy.imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
{{- end }}
{{/* vim: set filetype=mustache: */}}

41
haproxy/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,41 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.config }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
data:
{{ .Values.configMount.subPath | default "haproxy.cfg" }}: |+
{{ tpl .Values.config . | nindent 4 }}
{{- end }}
{{- if .Values.includes }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "haproxy.includes" . }}
namespace: {{ include "haproxy.namespace" . }}
data:
{{- range $key, $val := .Values.includes }}
{{ $key }}: | {{ $val | nindent 4 }}
{{- end }}
{{- end }}

193
haproxy/templates/daemonset.yaml Normal file
View File

@@ -0,0 +1,193 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if eq .Values.kind "DaemonSet" }}
{{- $useHostNetwork := .Values.daemonset.useHostNetwork -}}
{{- $useHostPort := .Values.daemonset.useHostPort -}}
{{- $hostPorts := .Values.daemonset.hostPorts -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
spec:
minReadySeconds: {{ .Values.minReadySeconds }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
{{- include "haproxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "haproxy.selectorLabels" . | nindent 8 }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if .Values.checksumConfigMap.enabled }}
checksum/environment: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ tpl (toYaml .Values.podAnnotations) . | indent 8 }}
{{- end }}
spec:
{{- if .Values.shareProcessNamespace.enabled }}
shareProcessNamespace: true
{{- end }}
serviceAccountName: {{ include "haproxy.serviceAccountName" . }}
{{- if hasKey .Values.serviceAccount "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.dnsConfig }}
dnsConfig:
{{ toYaml .Values.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- if .Values.imageCredentials.registry }}
imagePullSecrets:
- name: {{ include "haproxy.fullname" . }}
{{- else if .Values.existingImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.existingImagePullSecret }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
- name: haproxy-config
configMap:
name: {{ include "haproxy.fullname" . }}
{{- if .Values.includes }}
- name: includes
projected:
sources:
- configMap:
name: {{ include "haproxy.includes" . }}
{{- end }}
{{- range $mountedSecret := .Values.mountedSecrets }}
- name: {{ $mountedSecret.volumeName }}
secret:
secretName: {{ $mountedSecret.secretName }}
{{- end }}
{{- with.Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
{{- with.Values.sidecarContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: {{ .Chart.Name }}
{{- if .Values.securityContext.enabled }}
securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.args.enabled }}
args:
{{- range .Values.args.defaults }}
- {{ . }}
{{- end }}
{{- range .Values.args.extraArgs }}
- {{ . }}
{{- end }}
{{- end }}
ports:
{{- range $key, $value := .Values.containerPorts }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if and $useHostPort (index $hostPorts $key) }}
hostPort: {{ index $hostPorts $key }}
{{- end }}
{{- end }}
{{- with .Values.rawContainerPorts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.startupProbe }}
startupProbe:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.extraEnvs }}
env:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.extraEnvFrom }}
envFrom:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.lifecycle) }}
{{ tpl .Values.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.lifecycle | indent 12 }}
{{- end }}
{{- end }}
volumeMounts:
- name: haproxy-config
mountPath: {{ .Values.configMount.mountPath }}
{{- if .Values.configMount.subPath }}
subPath: {{ .Values.configMount.subPath }}
{{- end }}
{{- if .Values.includes }}
- name: includes
mountPath: {{ .Values.includesMountPath }}
{{- end }}
{{- with.Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- range $mountedSecret := .Values.mountedSecrets }}
- name: {{ $mountedSecret.volumeName }}
mountPath: {{ $mountedSecret.mountPath }}
{{- end }}
{{- with.Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

198
haproxy/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,198 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if eq .Values.kind "Deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- if .Values.deploymentLabels }}
{{ tpl (toYaml .Values.deploymentLabels) . | indent 4 }}
{{- end }}
annotations:
{{- if .Values.deploymentAnnotations }}
{{ tpl (toYaml .Values.deploymentAnnotations) . | indent 4 }}
{{- end }}
spec:
minReadySeconds: {{ .Values.minReadySeconds }}
{{- if and (not .Values.autoscaling.enabled) (not .Values.keda.enabled) }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "haproxy.selectorLabels" . | nindent 6 }}
{{- with .Values.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "haproxy.selectorLabels" . | nindent 8 }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if .Values.checksumConfigMap.enabled }}
checksum/environment: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ tpl (toYaml .Values.podAnnotations) . | indent 8 }}
{{- end }}
spec:
{{- if .Values.shareProcessNamespace.enabled }}
shareProcessNamespace: true
{{- end }}
serviceAccountName: {{ include "haproxy.serviceAccountName" . }}
{{- if hasKey .Values.serviceAccount "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.dnsConfig }}
dnsConfig:
{{ toYaml .Values.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- if .Values.imageCredentials.registry }}
imagePullSecrets:
- name: {{ include "haproxy.fullname" . }}
{{- else if .Values.existingImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.existingImagePullSecret }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
- name: haproxy-config
configMap:
name: {{ include "haproxy.fullname" . }}
{{- if .Values.includes }}
- name: includes
projected:
sources:
- configMap:
name: {{ include "haproxy.includes" . }}
{{- end }}
{{- range $mountedSecret := .Values.mountedSecrets }}
- name: {{ $mountedSecret.volumeName }}
secret:
secretName: {{ $mountedSecret.secretName }}
{{- end }}
{{- with.Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
{{- with.Values.sidecarContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: {{ .Chart.Name }}
{{- if .Values.securityContext.enabled }}
securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.args.enabled }}
args:
{{- range .Values.args.defaults }}
- {{ . }}
{{- end }}
{{- range .Values.args.extraArgs }}
- {{ . }}
{{- end }}
{{- end }}
ports:
{{- range $key, $value := .Values.containerPorts }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- end }}
{{- with .Values.rawContainerPorts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.startupProbe }}
startupProbe:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.extraEnvs }}
env:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.extraEnvFrom }}
envFrom:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.lifecycle) }}
{{ tpl .Values.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.lifecycle | indent 12 }}
{{- end }}
{{- end }}
volumeMounts:
- name: haproxy-config
mountPath: {{ .Values.configMount.mountPath }}
{{- if .Values.configMount.subPath }}
subPath: {{ .Values.configMount.subPath }}
{{- end }}
{{- if .Values.includes }}
- name: includes
mountPath: {{ .Values.includesMountPath }}
{{- end }}
{{- with.Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- range $mountedSecret := .Values.mountedSecrets }}
- name: {{ $mountedSecret.volumeName }}
mountPath: {{ $mountedSecret.mountPath }}
{{- end }}
{{- with.Values.initContainers }}
initContainers:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

63
haproxy/templates/hpa.yaml Normal file
View File

@@ -0,0 +1,63 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.kind "Deployment") .Values.autoscaling.enabled }}
{{- if not .Values.keda.enabled }}
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
apiVersion: autoscaling/v2
{{- else if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }}
apiVersion: autoscaling/v2beta2
{{- else }}
{{- fail "ERROR: You must have autoscaling/v2 or autoscaling/v2beta2 to use HorizontalPodAutoscaler" }}
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "haproxy.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
{{- if .Values.autoscaling.behavior }}
behavior: {{- toYaml .Values.autoscaling.behavior | nindent 4 }}
{{- end }}
metrics:
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- with .Values.autoscaling.additionalMetrics }}
{{- toYaml . | trim | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

40
haproxy/templates/httproute.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.httpRoute.enabled -}}
{{- $fullName := include "haproxy.fullname" . -}}
{{- $svcPort := .Values.httpRoute.servicePort -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- with .Values.httpRoute.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.httpRoute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- with .Values.httpRoute.parentRefs }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.httpRoute.rules }}
{{- with .matches }}
- matches:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .filters }}
filters:
{{- toYaml . | nindent 8 }}
{{- end }}
backendRefs:
- name: {{ $fullName }}
port: {{ $svcPort }}
{{- end }}
{{- end }}

59
haproxy/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,59 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "haproxy.fullname" . -}}
{{- $svcPort := .Values.ingress.servicePort -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- with .Values.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- toYaml .Values.ingress.tls | nindent 4 }}
{{- end -}}
{{- end }}

54
haproxy/templates/keda.yaml Normal file
View File

@@ -0,0 +1,54 @@
{{/*
Copyright 2021 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.kind "Deployment") .Values.keda.enabled }}
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- if .Values.keda.scaledObject.annotations }}
annotations: {{ toYaml .Values.keda.scaledObject.annotations | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "haproxy.fullname" . }}
pollingInterval: {{ .Values.keda.pollingInterval }}
cooldownPeriod: {{ .Values.keda.cooldownPeriod }}
minReplicaCount: {{ .Values.keda.minReplicas }}
maxReplicaCount: {{ .Values.keda.maxReplicas }}
triggers:
{{- with .Values.keda.triggers }}
{{ toYaml . | indent 2 }}
{{ end }}
{{- with .Values.keda.fallback }}
fallback:
{{ toYaml . | indent 4 }}
{{- end }}
advanced:
restoreToOriginalReplicaCount: {{ .Values.keda.restoreToOriginalReplicaCount }}
{{- if .Values.keda.behavior }}
horizontalPodAutoscalerConfig:
behavior:
{{ with .Values.keda.behavior -}}
{{ toYaml . | indent 8 }}
{{ end }}
{{- end }}
{{- end }}

41
haproxy/templates/poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,41 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.PodDisruptionBudget.enable }}
{{- if .Capabilities.APIVersions.Has "policy/v1" }}
apiVersion: policy/v1
{{- else if .Capabilities.APIVersions.Has "policy/v1beta1" }}
apiVersion: policy/v1beta1
{{- else }}
{{- fail "ERROR: You must have policy/v1 or policy/v1 to use PodDisruptionBudget" }}
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
spec:
{{- if .Values.PodDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.PodDisruptionBudget.maxUnavailable }}
{{- end }}
{{- if .Values.PodDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.PodDisruptionBudget.minAvailable }}
{{- end }}
selector:
matchLabels:
{{- include "haproxy.selectorLabels" . | nindent 6 }}
{{- end }}

85
haproxy/templates/podsecuritypolicy.yaml Normal file
View File

@@ -0,0 +1,85 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (semverCompare "<1.25.0-0" .Capabilities.KubeVersion.Version) }}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
{{- $useHostNetwork := .Values.daemonset.useHostNetwork -}}
{{- $useHostPort := .Values.daemonset.useHostPort -}}
{{- $hostPorts := .Values.daemonset.hostPorts -}}
{{- if .Capabilities.APIVersions.Has "policy/v1/PodSecurityPolicy" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodSecurityPolicy
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- if .Values.podSecurityPolicy.annotations }}
annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- else }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
{{- end }}
spec:
allowPrivilegeEscalation: true
allowedCapabilities:
- NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false
fsGroup:
rule: MustRunAs
ranges:
- max: 65535
min: 1
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
{{- if or $useHostPort $useHostNetwork }}
hostPorts:
{{- range $key, $value := .Values.containerPorts }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- end }}
hostIPC: false
hostPID: false
privileged: false
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes:
- configMap
- emptyDir
- projected
- secret
{{- with .Values.podSecurityPolicy.allowedUnsafeSysctls }}
allowedUnsafeSysctls:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

28
haproxy/templates/pullsecret.yaml Normal file
View File

@@ -0,0 +1,28 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.imageCredentials.registry }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ include "haproxy.imagePullSecret" . }}
{{- end }}

34
haproxy/templates/role.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
rules:
- apiGroups:
- "policy"
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ include "haproxy.fullname" . }}
{{- end -}}

33
haproxy/templates/rolebinding.yaml Normal file
View File

@@ -0,0 +1,33 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "haproxy.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "haproxy.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

91
haproxy/templates/service.yaml Normal file
View File

@@ -0,0 +1,91 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- range $key, $value := .Values.service.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
type: {{ .Values.service.type }}
selector:
{{- include "haproxy.selectorLabels" . | nindent 4 }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
{{- end }}
{{- if .Values.service.internalTrafficPolicy }}
internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy }}
{{- end }}
{{- with .Values.service.clusterIP }}
clusterIP: {{ . | quote}}
{{- end }}
{{- with .Values.service.loadBalancerIP }}
loadBalancerIP: {{ . | quote }}
{{- end }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if .Values.service.ipFamilies }}
ipFamilies:
{{- toYaml .Values.service.ipFamilies | nindent 2 }}
{{- end }}
{{- if .Values.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy | quote }}
{{- end }}
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if or .Values.containerPorts .Values.service.additionalPorts .Values.service.rawAdditionalPorts }}
{{- $nodePorts := .Values.service.nodePorts }}
{{- $servicePortType := .Values.service.type }}
ports:
{{- with .Values.containerPorts }}
{{- range $key, $port := . }}
- name: {{ $key }}
protocol: TCP
port: {{ $port }}
targetPort: {{ $key }}
{{- if and (hasKey $nodePorts $key) (eq $servicePortType "NodePort") }}
nodePort: {{ get $nodePorts $key }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.service.additionalPorts }}
{{- range $key, $port := . }}
- name: {{ $key }}
protocol: TCP
port: {{ $port }}
targetPort: {{ $key }}
{{- if and (hasKey $nodePorts $key) (eq $servicePortType "NodePort") }}
nodePort: {{ get $nodePorts $key }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.service.rawAdditionalPorts }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}

32
haproxy/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "haproxy.serviceAccountName" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if hasKey .Values.serviceAccount "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
{{- end }}

37
haproxy/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,37 @@
{{/*
Copyright 2022 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "haproxy.fullname" . }}
namespace: {{ include "haproxy.namespace" . }}
labels:
{{- include "haproxy.labels" . | nindent 4 }}
{{- if .Values.serviceMonitor.extraLabels }}
{{ toYaml .Values.serviceMonitor.extraLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
{{ .Values.serviceMonitor.endpoints | toYaml | nindent 4 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "haproxy.selectorLabels" . | nindent 6 }}
{{- end }}