65d0ce3ad3
All checks were successful
Build and Publish TechDocs (Helm Chart Resource) / build-and-publish-helm-chart (push) Successful in 1m9s
Change-Id: I26d65d84aa31f5cc4cc0835e3fb7269fedc73b45
691 lines
25 KiB
YAML
691 lines
25 KiB
YAML
# Copyright 2019 HAProxy Technologies LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## Default values for kubernetes-ingress Chart for HAProxy Ingress Controller
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
|
|
|
|
podSecurityPolicy:
|
|
## Specify pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
|
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
|
annotations: {}
|
|
# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
|
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
|
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
|
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
|
|
enabled: false
|
|
|
|
## Enable RBAC Authorization
|
|
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
|
|
rbac:
|
|
create: true
|
|
|
|
## Create namespace
|
|
## https://kubernetes.io/docs/tasks/administer-cluster/namespaces-walkthrough/
|
|
namespace:
|
|
create: false
|
|
|
|
## Configure Service Account
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccount:
|
|
create: true
|
|
name:
|
|
automountServiceAccountToken: true
|
|
|
|
## Namespace override
|
|
## Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
|
# namespaceOverride: haproxytech
|
|
|
|
## AWS Market Place integration
|
|
## Allows installation of the HAPEE Ingress Controller on AWS EKS and EKS-Anywhere.
|
|
## ref: https://docs.aws.amazon.com/marketplace/latest/userguide/container-anywhere-license-manager-integration.html
|
|
aws:
|
|
## Name of the Secret deployed in the desired namespace containing the AWS license files
|
|
licenseConfigSecretName: ""
|
|
|
|
## Controller default values
|
|
controller:
|
|
name: controller
|
|
image:
|
|
repository: docker.io/haproxytech/kubernetes-ingress # can be changed to use CE or EE Controller images
|
|
tag: "" # overrides the image tag whose default is the chart appVersion
|
|
pullPolicy: IfNotPresent
|
|
|
|
## Deployment or DaemonSet pod mode
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
|
|
kind: Deployment # can be 'Deployment' or 'DaemonSet'
|
|
replicaCount: 2
|
|
|
|
## minReadySeconds setting of Deployment or DaemonSet
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#min-ready-seconds
|
|
minReadySeconds: 0
|
|
|
|
## Running container without root privileges
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
unprivileged: true
|
|
|
|
## Allow privileged port binding without root privileges
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
|
|
## Note: this feature enables net.ipv4.ip_unprivileged_port_start=0 sysctl when running in unprivileged mode
|
|
allowPrivilegedPorts: false
|
|
|
|
## Restricts container syscalls
|
|
## ref: https://kubernetes.io/docs/tutorials/security/seccomp/
|
|
enableRuntimeDefaultSeccompProfile: true
|
|
|
|
## Privilege escalation
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
allowPrivilegeEscalation: false
|
|
|
|
## Init Containers
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
initContainers: []
|
|
# - name: sysctl
|
|
# image: "busybox:musl"
|
|
# command:
|
|
# - /bin/sh
|
|
# - -c
|
|
# - sysctl -w net.core.somaxconn=65536
|
|
# securityContext:
|
|
# privileged: true
|
|
|
|
## Pod sysctls (applies to Deployment/DaemonSet template)
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
|
|
## Note: when unprivileged=true and allowPrivilegedPorts=true, the chart will also
|
|
## set net.ipv4.ip_unprivileged_port_start=0 unless you override it here.
|
|
sysctls: {}
|
|
# "net.core.somaxconn": "8192"
|
|
|
|
## Pod termination grace period
|
|
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
|
|
terminationGracePeriodSeconds: 60
|
|
|
|
## Private Registry configuration
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
imageCredentials:
|
|
registry: null
|
|
username: null
|
|
password: null
|
|
existingImagePullSecret: null
|
|
|
|
## Controller Container listener port configuration
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
|
|
## Note: If binding to privileged ports, allowPrivilegeEscalation will be required for NET_BIND_SERVICE to apply
|
|
containerPort:
|
|
http: 8080
|
|
https: 8443
|
|
stat: 1024
|
|
admin: 6060
|
|
|
|
## Controller Container liveness/readiness probe configuration
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 1042
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 1042
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
|
|
startupProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 1042
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 30
|
|
|
|
## IngressClass:
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/ingressclass.md
|
|
|
|
# k8s >= 1.18: IngressClass resource used, in multi-ingress environments, to select ingress resources to implement.
|
|
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
|
|
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
|
|
# Note: Uses ingressClass as name for the Ingress Class object if enabled
|
|
ingressClassResource:
|
|
name: haproxy
|
|
default: false
|
|
parameters: {}
|
|
|
|
# k8s < 1.18: Ingress Class used, in multi-ingress environments, for ingress.class annotation to select ingress resources to implement.
|
|
# k8s >= 1.18: Ingress Class used to target specific HAProxy Ingress Controller in multi-ingress envionments
|
|
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers
|
|
ingressClass: haproxy # typically "haproxy" or null to receive all events
|
|
|
|
# Gateway API controller, not available in K8s as default but can be installed
|
|
# ref: https://gateway-api.sigs.k8s.io/
|
|
# ref: https://gateway-api.sigs.k8s.io/guides/#installing-a-gateway-controller
|
|
kubernetesGateway:
|
|
enabled: false
|
|
gatewayControllerName: haproxy.org/gateway-controller
|
|
|
|
## Additional labels to add to the deployment or daemonset metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
extraLabels: {}
|
|
# key: value
|
|
|
|
## Additional annotations to add to the deployment or daemonset metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
annotations: {}
|
|
# key: value
|
|
|
|
## Additional labels to add to the pod container metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
podLabels: {}
|
|
# key: value
|
|
|
|
## Additional annotations to add to the pod container metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
podAnnotations: {}
|
|
# key: value
|
|
|
|
## Allows to enable/disable environment variables for finding services
|
|
## ref: https://kubernetes.io/docs/tutorials/services/connect-applications-service/#accessing-the-service
|
|
## Note: Possible performance issues in large clusters: https://github.com/kubernetes/kubernetes/issues/92615
|
|
enableServiceLinks: true
|
|
|
|
## Ingress TLS secret, if it is enabled and secret is null then controller will use auto-generated secret, otherwise
|
|
## secret needs to contain name of the Secret object which has been created manually
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
|
|
defaultTLSSecret:
|
|
enabled: true
|
|
secretNamespace: '{{ include "kubernetes-ingress.namespace" . }}'
|
|
secret: null
|
|
|
|
## Compute Resources for controller container
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
resources:
|
|
# limits:
|
|
# cpu: 250m
|
|
# memory: 400Mi
|
|
requests:
|
|
cpu: 250m
|
|
memory: 400Mi
|
|
|
|
## Horizontal Pod Scaler
|
|
## Only to be used with Deployment kind
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 2
|
|
maxReplicas: 20
|
|
targetCPUUtilizationPercentage: 80
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
## HPA annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
annotations: {}
|
|
# annotationKey: value
|
|
|
|
## Behavior
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configurable-scaling-behavior
|
|
# behavior:
|
|
# scaleDown:
|
|
# stabilizationWindowSeconds: 3600
|
|
|
|
## Custom metrics (example)
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
|
|
# custom:
|
|
# - type: Pods
|
|
# pods:
|
|
# metricName: haproxy_backend_current_sessions
|
|
# targetAverageValue: 2000
|
|
|
|
## Kubernetes Event-driven Autoscaling: KEDA 2.x
|
|
## ref: https://keda.sh/docs/2.3/concepts/scaling-deployments/
|
|
## Note: mutually exclusive with HPA, enabling KEDA disables HPA
|
|
## Node: requires serviceMonitor enabled
|
|
keda:
|
|
enabled: false
|
|
minReplicas: 2
|
|
maxReplicas: 20
|
|
pollingInterval: 30
|
|
cooldownPeriod: 300
|
|
restoreToOriginalReplicaCount: false
|
|
# fallback:
|
|
# failureThreshold: 3
|
|
# replicas: 6
|
|
# behavior: static
|
|
scaledObject:
|
|
annotations: {}
|
|
horizontalPodAutoscalerConfig: {}
|
|
# name: ""
|
|
# behavior:
|
|
# scaleDown:
|
|
# stabilizationWindowSeconds: 300
|
|
# policies:
|
|
# - type: Percent
|
|
# value: 100
|
|
# periodSeconds: 15
|
|
triggers: []
|
|
# - type: prometheus
|
|
# metadata:
|
|
# serverAddress: http://<prometheus-host>:9090
|
|
# metricName: haproxy_process_idle_time_percent
|
|
# threshold: '50'
|
|
# query: avg(100-avg_over_time(haproxy_process_idle_time_percent{container="kubernetes-ingress-controller",service="mytest-kubernetes-ingress"}[2m]))
|
|
|
|
## Pod Disruption Budget
|
|
## Only to be used with Deployment kind
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
PodDisruptionBudget:
|
|
enable: false
|
|
# maxUnavailable: 1
|
|
# minAvailable: 1
|
|
|
|
## Pod Node assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
nodeSelector: {}
|
|
|
|
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node Affinity for pod-node scheduling constraints
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
affinity: {}
|
|
|
|
## Topology spread constraints (only used in kind: Deployment)
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
|
topologySpreadConstraints: []
|
|
# - maxSkew: 1
|
|
# topologyKey: kubernetes.io/zone
|
|
# whenUnsatisfiable: DoNotSchedule
|
|
# labelSelector:
|
|
# matchLabels:
|
|
# app.kubernetes.io/name: kubernetes-ingress
|
|
# app.kubernetes.io/instance: kubernetes-ingress
|
|
|
|
## Pod DNS Config
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
|
|
dnsConfig: {}
|
|
|
|
## Pod DNS Policy
|
|
## Change this to ClusterFirstWithHostNet in case you have useHostNetwork set to true
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
|
|
dnsPolicy: ClusterFirst
|
|
|
|
## Additional command line arguments to pass to Controller
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
|
|
extraArgs: []
|
|
# - --namespace-whitelist=default
|
|
# - --namespace-whitelist=namespace1
|
|
# - --namespace-blacklist=namespace2
|
|
# - --disable-ipv4
|
|
# - --disable-ipv6
|
|
# - --disable-http
|
|
# - --disable-https
|
|
# - --disable-quic
|
|
# - --sync-period=10s
|
|
|
|
## Custom configuration for Controller
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
|
|
config: {}
|
|
# timeout-connect: "250ms"
|
|
# servers-increment: "10"
|
|
# servers-increment-max-disabled: "10"
|
|
# rate-limit: "ON"
|
|
# rate-limit-expire: "1m"
|
|
# rate-limit-interval: "10s"
|
|
# rate-limit-size: "100k"
|
|
|
|
## Extra annotation for custom configmap for Controller
|
|
configAnnotations: {}
|
|
# annotationKey: value
|
|
|
|
## Controller Logging configuration
|
|
## Careful: this block will be ignored if you use config.cr-global.
|
|
## In this case, move your logging config in entry spec.log_targets in your CR.
|
|
logging:
|
|
## Controller logging level
|
|
## This only relevant to Controller logs
|
|
level: info
|
|
|
|
## HAProxy traffic logs
|
|
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation#logging
|
|
traffic: {}
|
|
# address: "stdout"
|
|
# format: "raw"
|
|
# facility: "daemon"
|
|
|
|
## Mirrors the address of the service's endpoints to the
|
|
## load-balancer status of all Ingress objects it satisfies.
|
|
publishService:
|
|
enabled: true
|
|
##
|
|
## Override of the publish service
|
|
## Must be <namespace>/<service_name>
|
|
pathOverride: ""
|
|
|
|
## Controller Service configuration
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
service:
|
|
enabled: true # set to false when controller.kind is 'DaemonSet' and controller.daemonset.useHostPorts is true
|
|
|
|
type: NodePort # can be 'ClusterIP', 'NodePort' or 'LoadBalancer'
|
|
|
|
## Service annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
annotations: {}
|
|
|
|
## Service labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
labels: {}
|
|
|
|
## Health check node port
|
|
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
|
healthCheckNodePort: 0
|
|
|
|
## Service nodePorts to use for http, https and stat
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
## If empty, random ports will be used
|
|
nodePorts: {}
|
|
# http: 31080
|
|
# https: 31443
|
|
# stat: 31024
|
|
# admin: 31060
|
|
|
|
## Service ports to use for http, https and stat
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
ports:
|
|
http: 80
|
|
https: 443
|
|
stat: 1024
|
|
admin: 6060
|
|
|
|
## The controller service ports for http, https and stat can be disabled by
|
|
## setting below to false - this could be useful when only deploying haproxy
|
|
## as a TCP loadbalancer
|
|
## Note: At least one port (http, https, stat or from tcpPorts) has to be enabled
|
|
enablePorts:
|
|
http: true
|
|
https: true
|
|
quic: true
|
|
stat: true
|
|
admin: true
|
|
|
|
## Target port mappings for http, https and stat
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
targetPorts:
|
|
http: http
|
|
https: https
|
|
quic: quic
|
|
stat: stat
|
|
admin: admin
|
|
|
|
## Additional tcp ports to expose
|
|
## This is especially useful for TCP services:
|
|
## https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
|
|
tcpPorts: []
|
|
# - name: http-alt
|
|
# port: 8080
|
|
# targetPort: http-alt
|
|
# nodePort: 32080
|
|
|
|
## Set external traffic policy
|
|
## Default is "Cluster", setting it to "Local" preserves source IP
|
|
## ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
|
|
# externalTrafficPolicy: "Local"
|
|
|
|
## Expose service via external IPs that route to one or more cluster nodes
|
|
externalIPs: []
|
|
|
|
## LoadBalancer IP
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
|
|
loadBalancerIP: ""
|
|
|
|
## Source IP ranges permitted to access Network Load Balancer
|
|
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
|
|
loadBalancerSourceRanges: []
|
|
|
|
## Class of load balancer implementation
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
|
|
loadBalancerClass: null
|
|
|
|
## Service ClusterIP
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
# clusterIP: ""
|
|
|
|
## IPv4/IPv6 dual-stack
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/
|
|
##
|
|
# ipFamilies: [IPv4, IPv6]
|
|
# ipFamilyPolicy: PreferDualStack
|
|
|
|
## Service session affinity
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
# sessionAffinity: ""
|
|
|
|
## Controller Metrics Service configuration
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
|
metrics:
|
|
type: ClusterIP # can be 'ClusterIP', 'NodePort' or 'LoadBalancer'
|
|
|
|
## Service annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
annotations: {}
|
|
|
|
## Service labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
labels: {}
|
|
|
|
## Controller Deployment configuration
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
|
deployment:
|
|
useHostNetwork: false # also modify dnsPolicy accordingly
|
|
useHostPort: false
|
|
hostIP: null
|
|
hostPorts:
|
|
http: 80
|
|
https: 443
|
|
stat: 1024
|
|
|
|
## Controller DaemonSet configuration
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
|
|
daemonset:
|
|
useHostNetwork: false # also modify dnsPolicy accordingly
|
|
useHostPort: false
|
|
hostIP: null
|
|
hostPorts:
|
|
http: 80
|
|
https: 443
|
|
stat: 1024
|
|
|
|
## Controller deployment strategy definition
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
|
## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
|
|
strategy:
|
|
type: RollingUpdate
|
|
|
|
## Controller Pod PriorityClass
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
|
|
priorityClassName: ""
|
|
|
|
## Pod runtime class name
|
|
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
|
|
runtimeClassName: ""
|
|
|
|
## Controller container lifecycle handlers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
|
|
lifecycle: {}
|
|
## Example preStop for graceful shutdown
|
|
# preStop:
|
|
# exec:
|
|
# command: ["/bin/sh", "-c", "kill -USR1 $(pidof haproxy); while killall -0 haproxy; do sleep 1; done"]
|
|
|
|
## Set additional environment variables
|
|
extraEnvs: []
|
|
## Set TZ env to configure timezone on controller containers
|
|
# - name: TZ
|
|
# value: "Etc/UTC"
|
|
|
|
## Use envFrom to add env vars from a secret or ConfigMap to the HAProxy container
|
|
## ref: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
|
|
extraEnvFrom: []
|
|
## Example passing the pod IP into a container
|
|
# - configMapRef:
|
|
# name: ha-env-config
|
|
|
|
## Add additional containers
|
|
extraContainers: []
|
|
## Example sidecar
|
|
# - name: sidecar
|
|
# image: alpine # alpine is a simple Linux OS image
|
|
# command: ["/bin/sh"]
|
|
# args: ["-c", "while true; do date; sleep 5;done"]
|
|
|
|
## Additional volumeMounts to the controller main container
|
|
extraVolumeMounts: []
|
|
## Example empty volume mounts when using securityContext->readOnlyRootFilesystem
|
|
# - name: etc-haproxy
|
|
# mountPath: /etc/haproxy
|
|
# - name: tmp
|
|
# mountPath: /tmp
|
|
# - name: var-state-haproxy
|
|
# mountPath: /var/state/haproxy
|
|
|
|
## Additional volumes to the controller pod
|
|
extraVolumes: []
|
|
## Example empty volumes when using securityContext->readOnlyRootFilesystem
|
|
# - name: etc-haproxy
|
|
# emptyDir: {}
|
|
# - name: tmp
|
|
# emptyDir: {}
|
|
# - name: var-state-haproxy
|
|
# emptyDir: {}
|
|
|
|
## ServiceMonitor
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
|
|
## Note: requires Prometheus Operator to be able to work, for example:
|
|
## helm install prometheus prometheus-community/kube-prometheus-stack \
|
|
## --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
|
|
## --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
|
|
serviceMonitor:
|
|
## Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured
|
|
## Should not be enabled when controller.podMonitor.enabled is true
|
|
enabled: false
|
|
|
|
## Specify the labels to add to the ServiceMonitors to be selected for target discovery
|
|
extraLabels: {}
|
|
|
|
## Specify the endpoints
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/design.md#servicemonitor
|
|
endpoints:
|
|
- port: stat
|
|
path: /metrics
|
|
scheme: http
|
|
interval: 30s
|
|
|
|
## PodMonitor
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
|
|
## Note: requires Prometheus Operator to be able to work, for example:
|
|
## helm install prometheus prometheus-community/kube-prometheus-stack \
|
|
## --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
|
|
## --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
|
|
podMonitor:
|
|
## Toggle the PodMonitor true if you have Prometheus Operator installed and configured
|
|
## Should not be enabled when controller.serviceMonitor.enabled is true
|
|
enabled: false
|
|
|
|
## Specify the labels to add to the PodMonitors to be selected for target discovery
|
|
extraLabels: {}
|
|
|
|
## Specify the endpoints
|
|
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/design.md#podMonitor
|
|
endpoints:
|
|
- port: stat
|
|
path: /metrics
|
|
scheme: http
|
|
interval: 30s
|
|
params:
|
|
scope:
|
|
- global
|
|
- frontend
|
|
- backend
|
|
|
|
## Controller sync mode with Kubernetes
|
|
## Note: requires Enterprise Kubernetes Ingress Controller
|
|
## Possible values: 'default' or 'fetch'
|
|
## - 'default': the sync is done based on K8s informers (event based)
|
|
## - 'fetch': the controller pulls data periodically (from K8s or from proxy)
|
|
sync:
|
|
mode: default # can be 'default' or 'fetch'
|
|
fetchParams: # Mandatory if mode is 'fetch'
|
|
# period: 3s # optional, default is 5s
|
|
source: k8s # possible values are: 'proxy', 'k8s'
|
|
proxyParams: # Mandatory if source is 'proxy'
|
|
replicaCount: 3 # number of replicas of the proxy, mandatory if source is 'proxy'
|
|
proxySvcLabelSelector: run:haproxy-ingress-proxy # label selector of the proxy service, mandatory if source is 'proxy'
|
|
|
|
## CRD job default values
|
|
crdjob:
|
|
## Additional annotations to add to the pod container metadata
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
podAnnotations: {}
|
|
# key: value
|
|
|
|
## Automatic job cleanup
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
|
|
ttlSecondsAfterFinished: 600
|
|
|
|
## Pod Node assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
nodeSelector: {}
|
|
|
|
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
tolerations: []
|
|
# - key: "key"
|
|
# operator: "Equal|Exists"
|
|
# value: "value"
|
|
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
|
|
|
|
## Node Affinity for pod-node scheduling constraints
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
affinity: {}
|
|
|
|
## Compute Resources for the CRD Job
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
|
resources:
|
|
# limits:
|
|
# cpu: 250m
|
|
# memory: 400Mi
|
|
requests:
|
|
cpu: 250m
|
|
memory: 400Mi
|