github.com/nginxinc/kubernetes-ingress@v1.12.5/deployments/helm-chart/templates/controller-daemonset.yaml (about) 1 {{- if eq .Values.controller.kind "daemonset" }} 2 apiVersion: apps/v1 3 kind: DaemonSet 4 metadata: 5 name: {{ default (include "nginx-ingress.name" .) .Values.controller.name }} 6 namespace: {{ .Release.Namespace }} 7 labels: 8 {{- include "nginx-ingress.labels" . | nindent 4 }} 9 spec: 10 selector: 11 matchLabels: 12 app: {{ include "nginx-ingress.appName" . }} 13 template: 14 metadata: 15 labels: 16 app: {{ include "nginx-ingress.appName" . }} 17 {{- if or (.Values.prometheus.create) (.Values.controller.pod.annotations) }} 18 annotations: 19 {{- if .Values.prometheus.create }} 20 prometheus.io/scrape: "true" 21 prometheus.io/port: "{{ .Values.prometheus.port }}" 22 prometheus.io/scheme: "{{ .Values.prometheus.scheme }}" 23 {{- end }} 24 {{- if .Values.controller.pod.annotations }} 25 {{ toYaml .Values.controller.pod.annotations | indent 8 }} 26 {{- end }} 27 {{- end }} 28 spec: 29 serviceAccountName: {{ include "nginx-ingress.serviceAccountName" . }} 30 terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} 31 {{- if .Values.controller.nodeSelector }} 32 nodeSelector: 33 {{ toYaml .Values.controller.nodeSelector | indent 8 }} 34 {{- end }} 35 {{- if .Values.controller.tolerations }} 36 tolerations: 37 {{ toYaml .Values.controller.tolerations | indent 6 }} 38 {{- end }} 39 {{- if .Values.controller.affinity }} 40 affinity: 41 {{ toYaml .Values.controller.affinity | indent 8 }} 42 {{- end }} 43 {{- if .Values.controller.volumes }} 44 volumes: 45 {{ toYaml .Values.controller.volumes | indent 6 }} 46 {{- end }} 47 {{- if .Values.controller.priorityClassName }} 48 priorityClassName: {{ .Values.controller.priorityClassName }} 49 {{- end }} 50 hostNetwork: {{ .Values.controller.hostNetwork }} 51 containers: 52 - name: {{ include "nginx-ingress.name" . }} 53 image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" 54 imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}" 55 ports: 56 - name: http 57 containerPort: 80 58 hostPort: 80 59 - name: https 60 containerPort: 443 61 hostPort: 443 62 {{ if .Values.controller.customPorts }} 63 {{ toYaml .Values.controller.customPorts | indent 8 }} 64 {{ end }} 65 {{- if .Values.prometheus.create }} 66 - name: prometheus 67 containerPort: {{ .Values.prometheus.port }} 68 {{- end }} 69 {{- if .Values.controller.readyStatus.enable }} 70 - name: readiness-port 71 containerPort: {{ .Values.controller.readyStatus.port}} 72 readinessProbe: 73 httpGet: 74 path: /nginx-ready 75 port: readiness-port 76 periodSeconds: 1 77 {{- end }} 78 securityContext: 79 allowPrivilegeEscalation: true 80 runAsUser: 101 #nginx 81 capabilities: 82 drop: 83 - ALL 84 add: 85 - NET_BIND_SERVICE 86 {{- if .Values.controller.volumeMounts }} 87 volumeMounts: 88 {{ toYaml .Values.controller.volumeMounts | indent 8 }} 89 {{- end }} 90 env: 91 - name: POD_NAMESPACE 92 valueFrom: 93 fieldRef: 94 fieldPath: metadata.namespace 95 - name: POD_NAME 96 valueFrom: 97 fieldRef: 98 fieldPath: metadata.name 99 resources: 100 {{ toYaml .Values.controller.resources | indent 10 }} 101 args: 102 - -nginx-plus={{ .Values.controller.nginxplus }} 103 - -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }} 104 - -enable-app-protect={{ .Values.controller.appprotect.enable }} 105 - -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }} 106 {{- if .Values.controller.defaultTLS.secret }} 107 - -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }} 108 {{ else }} 109 - -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }} 110 {{- end }} 111 - -ingress-class={{ .Values.controller.ingressClass }} 112 {{- if semverCompare "<1.18.0" .Capabilities.KubeVersion.GitVersion }} 113 - -use-ingress-class-only={{ .Values.controller.useIngressClassOnly }} 114 {{- end }} 115 {{- if .Values.controller.watchNamespace }} 116 - -watch-namespace={{ .Values.controller.watchNamespace }} 117 {{- end }} 118 - -health-status={{ .Values.controller.healthStatus }} 119 - -health-status-uri={{ .Values.controller.healthStatusURI }} 120 - -nginx-debug={{ .Values.controller.nginxDebug }} 121 - -v={{ .Values.controller.logLevel }} 122 - -nginx-status={{ .Values.controller.nginxStatus.enable }} 123 {{- if .Values.controller.nginxStatus.enable }} 124 - -nginx-status-port={{ .Values.controller.nginxStatus.port }} 125 - -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }} 126 {{- end }} 127 {{- if .Values.controller.reportIngressStatus.enable }} 128 - -report-ingress-status 129 {{- if .Values.controller.reportIngressStatus.ingressLink }} 130 - -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }} 131 {{- else if .Values.controller.reportIngressStatus.externalService }} 132 - -external-service={{ .Values.controller.reportIngressStatus.externalService }} 133 {{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }} 134 - -external-service={{ include "nginx-ingress.serviceName" . }} 135 {{- end }} 136 - -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }} 137 - -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }} 138 {{- end }} 139 {{- if .Values.controller.wildcardTLS.secret }} 140 - -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }} 141 {{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }} 142 - -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }} 143 {{- end }} 144 - -enable-prometheus-metrics={{ .Values.prometheus.create }} 145 - -prometheus-metrics-listen-port={{ .Values.prometheus.port }} 146 - -prometheus-tls-secret={{ .Values.prometheus.secret }} 147 - -enable-custom-resources={{ .Values.controller.enableCustomResources }} 148 {{- if .Values.controller.enableCustomResources }} 149 - -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }} 150 - -enable-snippets={{ .Values.controller.enableSnippets }} 151 - -enable-preview-policies={{ .Values.controller.enablePreviewPolicies }} 152 {{- if .Values.controller.globalConfiguration.create }} 153 - -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.name" . }} 154 {{- end }} 155 {{- end }} 156 - -ready-status={{ .Values.controller.readyStatus.enable }} 157 - -ready-status-port={{ .Values.controller.readyStatus.port }} 158 - -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }} 159 {{- end }}