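{{- /*
controller-daemonset.yaml: the ingress-nginx controller rendered as a DaemonSet.
Listing taken from
github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/controller-daemonset.yaml

Rendered only when controller.kind is "DaemonSet" or "Both". The named
templates included below (ingress-nginx.labels, ingress-nginx.params,
extraModules, controller.containerSecurityContext and the others) are defined
outside this file.

Review notes for operators:
  - extraContainers, extraInitContainers, extraVolumes, extraVolumeMounts and
    extraEnvs are copied into the pod spec as given, so whoever can set chart
    values decides what runs in this pod and what it mounts.
  - hostNetwork, hostPort, sysctls and shareProcessNamespace widen what the pod
    shares with the node or with its sibling containers; each is omitted
    unless its value is set.
*/ -}}
{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
{{- /* NOTE(review): helper defined elsewhere; presumably rejects an unsupported image tag, confirm. */ -}}
{{- include "isControllerTagValid" . -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- with .Values.controller.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  {{- if .Values.controller.updateStrategy }}
  updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
  {{- end }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
  template:
    metadata:
    {{- /* Pod annotation values are quoted so each one stays a string after rendering. */}}
    {{- if .Values.controller.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.controller.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.labels" . | nindent 8 }}
        app.kubernetes.io/component: controller
        {{- with .Values.controller.labels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if .Values.controller.podLabels }}
        {{- toYaml .Values.controller.podLabels | nindent 8 }}
      {{- end }}
    spec:
    {{- if .Values.controller.dnsConfig }}
      dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.hostname }}
      hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
    {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
    {{- end }}
    {{- /*
    Pod-level securityContext. The key is emitted once, then filled from
    podSecurityContext and/or the sysctls map. Sysctl names and values are
    quoted because the API expects both as strings.
    */}}
    {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
      securityContext:
    {{- end }}
    {{- if .Values.controller.podSecurityContext }}
        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.sysctls }}
        sysctls:
    {{- range $sysctl, $value := .Values.controller.sysctls }}
        - name: {{ $sysctl | quote }}
          value: {{ $value | quote }}
    {{- end }}
    {{- end }}
    {{- /* When set, every container in this pod can see the processes of the others. */}}
    {{- if .Values.controller.shareProcessNamespace }}
      shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }}
    {{- end }}
      containers:
        - name: {{ .Values.controller.containerName }}
          {{- /*
          Image reference: repository if given, otherwise registry plus the
          ingress-nginx.image helper, followed by the tag and whatever the
          ingress-nginx.imageDigest helper returns.
          NOTE(review): presumably that helper appends a digest when one is
          configured, which is what pins the image content; confirm in the helpers file.
          */}}
          {{- with .Values.controller.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- if .Values.controller.lifecycle }}
          lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
        {{- end }}
          args:
            {{- include "ingress-nginx.params" . | nindent 12 }}
          {{- /* Container-level securityContext comes entirely from a helper defined elsewhere. */}}
          securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- /* enableMimalloc preloads the allocator from a fixed path inside the image. */}}
          {{- if .Values.controller.enableMimalloc }}
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          {{- end }}
          {{- if .Values.controller.extraEnvs }}
            {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.startupProbe }}
          startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.livenessProbe }}
          livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.readinessProbe }}
          readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
          {{- end }}
          {{- /*
          Ports. With hostPort.enabled each listed port is also bound on the
          node itself; as a DaemonSet that applies to every node the pod is
          scheduled on. For the controller ports the host port is looked up in
          hostPort.ports and falls back to the container port; for the tcp and
          udp maps the map key is used for both container and host port.
          */}}
          ports:
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
              {{- end }}
          {{- end }}
          {{- if .Values.controller.metrics.enabled }}
            - name: {{ .Values.controller.metrics.portName }}
              containerPort: {{ .Values.controller.metrics.port }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook
              containerPort: {{ .Values.controller.admissionWebhooks.port }}
              protocol: TCP
          {{- end }}
          {{- range $key, $value := .Values.tcp }}
            - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
              containerPort: {{ $key }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
          {{- range $key, $value := .Values.udp }}
            - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp
              containerPort: {{ $key }}
              protocol: UDP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
        {{- /*
        opentelemetry.enabled is part of both conditions below. The "modules"
        volume further down is already created for extraModules or
        opentelemetry; without the matching mount here, an opentelemetry-only
        install would declare the volume but the controller would never see it.
        */}}
        {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
          volumeMounts:
          {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
            - name: modules
              mountPath: /modules_mount
          {{- end }}
          {{- if .Values.controller.customTemplate.configMapName }}
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
          {{- end }}
          {{- /* The webhook certificate and key are mounted read-only. */}}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          {{- end }}
          {{- if .Values.controller.extraVolumeMounts }}
            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
          {{- end }}
        {{- end }}
        {{- if .Values.controller.resources }}
          resources: {{ toYaml .Values.controller.resources | nindent 12 }}
        {{- end }}
      {{- /* Sidecars are rendered exactly as supplied, including any securityContext they carry. */}}
      {{- if .Values.controller.extraContainers }}
        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
      {{- end }}

    {{- /*
    Init containers. opentelemetry.enabled is part of the outer condition so
    that the opentelemetry init container below is rendered even when neither
    extraInitContainers nor extraModules is set; previously it sat inside a
    guard that ignored it. Each module container uses its own
    containerSecurityContext and falls back to the controller one.
    The includes use a trimmed nindent so their output does not depend on the
    column the action is written at.
    */}}
    {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
      initContainers:
      {{- if .Values.controller.extraInitContainers }}
        {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
      {{- end }}
      {{- if .Values.controller.extraModules }}
        {{- range .Values.controller.extraModules }}
          {{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
          {{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | nindent 8 }}
        {{- end }}
      {{- end }}
      {{- if .Values.controller.opentelemetry.enabled }}
          {{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
          {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8 }}
      {{- end }}
    {{- end }}
    {{- /* hostNetwork places the pod in the node network namespace; review it together with dnsPolicy above. */}}
    {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
    {{- end }}
    {{- if .Values.controller.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.tolerations }}
      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
    {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
      volumes:
      {{- /* Scratch volume shared between the module init containers and the controller. */}}
      {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
        - name: modules
          emptyDir: {}
      {{- end }}
      {{- if .Values.controller.customTemplate.configMapName }}
        - name: nginx-template-volume
          configMap:
            name: {{ .Values.controller.customTemplate.configMapName }}
            items:
              - key: {{ .Values.controller.customTemplate.configMapKey }}
                path: nginx.tmpl
      {{- end }}
      {{- /*
      Admission webhook serving certificate, read from the Secret named after
      the release fullname with the suffix -admission. With cert-manager
      enabled, tls.crt and tls.key are exposed under the file names cert and key.
      */}}
      {{- if .Values.controller.admissionWebhooks.enabled }}
        - name: webhook-cert
          secret:
            secretName: {{ include "ingress-nginx.fullname" . }}-admission
        {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
            items:
              - key: tls.crt
                path: cert
              - key: tls.key
                path: key
        {{- end }}
      {{- end }}
      {{- if .Values.controller.extraVolumes }}
        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
      {{- end }}
    {{- end }}
{{- end }}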