charts/metallb/templates/controller.yaml - pcloud - Gitiles

 {{- if .Values.controller.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "metallb.fullname" . }}-controller
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "metallb.labels" . | nindent 4 }}
     app.kubernetes.io/component: controller
     {{- range $key, $value := .Values.controller.labels }}
     {{ $key }}: {{ $value | quote }}
     {{- end }}
 spec:
   {{- if .Values.controller.strategy }}
   strategy: {{- toYaml .Values.controller.strategy | nindent 4 }}
   {{- end }}
   selector:
     matchLabels:
       {{- include "metallb.selectorLabels" . | nindent 6 }}
       app.kubernetes.io/component: controller
   template:
     metadata:
       {{- if or .Values.prometheus.scrapeAnnotations .Values.controller.podAnnotations }}
       annotations:
         {{- if .Values.prometheus.scrapeAnnotations }}
         prometheus.io/scrape: "true"
         prometheus.io/port: "{{ .Values.prometheus.metricsPort }}"
         {{- end }}
         {{- with .Values.controller.podAnnotations }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
       {{- end }}
       labels:
         {{- include "metallb.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: controller
         {{- range $key, $value := .Values.controller.labels }}
         {{ $key }}: {{ $value | quote }}
         {{- end }}
     spec:
       {{- with .Values.controller.runtimeClassName }}
       runtimeClassName: {{ . | quote }}
       {{- end }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ template "metallb.controller.serviceAccountName" . }}
       terminationGracePeriodSeconds: 0
 {{- if .Values.controller.securityContext }}
       securityContext:
 {{ toYaml .Values.controller.securityContext | indent 8 }}
 {{- end }}
       containers:
       - name: controller
         image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}
         {{- if .Values.controller.image.pullPolicy }}
         imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
         {{- end }}
         {{- if .Values.controller.command }}
         command:
           - {{ .Values.controller.command }}
         {{- end }}
         args:
         - --port={{ .Values.prometheus.metricsPort }}
         {{- with .Values.controller.logLevel }}
         - --log-level={{ . }}
         {{- end }}
         - --cert-service-name=metallb-webhook-service
         {{- if .Values.loadBalancerClass }}
         - --lb-class={{ .Values.loadBalancerClass }}
         {{- end }}
         {{- if .Values.controller.webhookMode }}
         - --webhook-mode={{ .Values.controller.webhookMode }}
         {{- end }}
         env:
         {{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }}
         - name: METALLB_ML_SECRET_NAME
           value: {{ include "metallb.secretName" . }}
         - name: METALLB_DEPLOYMENT
           value: {{ template "metallb.fullname" . }}-controller
         {{- end }}
         {{- if .Values.speaker.frr.enabled }}
         - name: METALLB_BGP_TYPE
           value: frr
         {{- end }}
         ports:
         - name: monitoring
           containerPort: {{ .Values.prometheus.metricsPort }}
         - containerPort: 9443
           name: webhook-server
           protocol: TCP
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
         {{- if .Values.controller.livenessProbe.enabled }}
         livenessProbe:
           httpGet:
             path: /metrics
             port: monitoring
           initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
           timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
           successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
           failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
         {{- end }}
         {{- if .Values.controller.readinessProbe.enabled }}
         readinessProbe:
           httpGet:
             path: /metrics
             port: monitoring
           initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
           timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
           successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
           failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
         {{- end }}
         {{- with .Values.controller.resources }}
         resources:
           {{- toYaml . | nindent 10 }}
         {{- end }}
         securityContext:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           capabilities:
             drop:
             - ALL
       {{- if .Values.prometheus.secureMetricsPort }}
       - name: kube-rbac-proxy
         image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }}
         imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }}
         args:
           - --logtostderr
           - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }}
           - --upstream=http://127.0.0.1:{{ .Values.prometheus.metricsPort }}/
           - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
         {{- if .Values.prometheus.controllerMetricsTLSSecret }}
           - --tls-private-key-file=/etc/metrics/tls.key
           - --tls-cert-file=/etc/metrics/tls.crt
         {{- end }}
         ports:
           - containerPort: {{ .Values.prometheus.secureMetricsPort }}
             name: metricshttps
         resources:
           requests:
             cpu: 10m
             memory: 20Mi
         terminationMessagePolicy: FallbackToLogsOnError
         {{- if .Values.prometheus.controllerMetricsTLSSecret }}
         volumeMounts:
           - name: metrics-certs
             mountPath: /etc/metrics
             readOnly: true
         {{- end }}
       {{ end }}
       nodeSelector:
         "kubernetes.io/os": linux
         {{- with .Values.controller.nodeSelector }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
       {{- with .Values.controller.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.controller.tolerations }}
       tolerations:
         {{- toYaml . | nindent 6 }}
       {{- end }}
       {{- with .Values.controller.priorityClassName }}
       priorityClassName: {{ . | quote }}
       {{- end }}
       volumes:
       - name: cert
         secret:
           defaultMode: 420
           secretName: webhook-server-cert
       {{- if .Values.prometheus.controllerMetricsTLSSecret }}
       - name: metrics-certs
         secret:
           secretName: {{ .Values.prometheus.controllerMetricsTLSSecret }}
       {{- end }}
 {{- end }}
	{{- if .Values.controller.enabled }}
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: {{ template "metallb.fullname" . }}-controller
	namespace: {{ .Release.Namespace \| quote }}
	labels:
	{{- include "metallb.labels" . \| nindent 4 }}
	app.kubernetes.io/component: controller
	{{- range $key, $value := .Values.controller.labels }}
	{{ $key }}: {{ $value \| quote }}
	{{- end }}
	spec:
	{{- if .Values.controller.strategy }}
	strategy: {{- toYaml .Values.controller.strategy \| nindent 4 }}
	{{- end }}
	selector:
	matchLabels:
	{{- include "metallb.selectorLabels" . \| nindent 6 }}
	app.kubernetes.io/component: controller
	template:
	metadata:
	{{- if or .Values.prometheus.scrapeAnnotations .Values.controller.podAnnotations }}
	annotations:
	{{- if .Values.prometheus.scrapeAnnotations }}
	prometheus.io/scrape: "true"
	prometheus.io/port: "{{ .Values.prometheus.metricsPort }}"
	{{- end }}
	{{- with .Values.controller.podAnnotations }}
	{{- toYaml . \| nindent 8 }}
	{{- end }}
	{{- end }}
	labels:
	{{- include "metallb.selectorLabels" . \| nindent 8 }}
	app.kubernetes.io/component: controller
	{{- range $key, $value := .Values.controller.labels }}
	{{ $key }}: {{ $value \| quote }}
	{{- end }}
	spec:
	{{- with .Values.controller.runtimeClassName }}
	runtimeClassName: {{ . \| quote }}
	{{- end }}
	{{- with .Values.imagePullSecrets }}
	imagePullSecrets:
	{{- toYaml . \| nindent 8 }}
	{{- end }}
	serviceAccountName: {{ template "metallb.controller.serviceAccountName" . }}
	terminationGracePeriodSeconds: 0
	{{- if .Values.controller.securityContext }}
	securityContext:
	{{ toYaml .Values.controller.securityContext \| indent 8 }}
	{{- end }}
	containers:
	- name: controller
	image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag \| default .Chart.AppVersion }}
	{{- if .Values.controller.image.pullPolicy }}
	imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
	{{- end }}
	{{- if .Values.controller.command }}
	command:
	- {{ .Values.controller.command }}
	{{- end }}
	args:
	- --port={{ .Values.prometheus.metricsPort }}
	{{- with .Values.controller.logLevel }}
	- --log-level={{ . }}
	{{- end }}
	- --cert-service-name=metallb-webhook-service
	{{- if .Values.loadBalancerClass }}
	- --lb-class={{ .Values.loadBalancerClass }}
	{{- end }}
	{{- if .Values.controller.webhookMode }}
	- --webhook-mode={{ .Values.controller.webhookMode }}
	{{- end }}
	env:
	{{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }}
	- name: METALLB_ML_SECRET_NAME
	value: {{ include "metallb.secretName" . }}
	- name: METALLB_DEPLOYMENT
	value: {{ template "metallb.fullname" . }}-controller
	{{- end }}
	{{- if .Values.speaker.frr.enabled }}
	- name: METALLB_BGP_TYPE
	value: frr
	{{- end }}
	ports:
	- name: monitoring
	containerPort: {{ .Values.prometheus.metricsPort }}
	- containerPort: 9443
	name: webhook-server
	protocol: TCP
	volumeMounts:
	- mountPath: /tmp/k8s-webhook-server/serving-certs
	name: cert
	readOnly: true
	{{- if .Values.controller.livenessProbe.enabled }}
	livenessProbe:
	httpGet:
	path: /metrics
	port: monitoring
	initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
	periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
	timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
	successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
	failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
	{{- end }}
	{{- if .Values.controller.readinessProbe.enabled }}
	readinessProbe:
	httpGet:
	path: /metrics
	port: monitoring
	initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
	periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
	timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
	successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
	failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
	{{- end }}
	{{- with .Values.controller.resources }}
	resources:
	{{- toYaml . \| nindent 10 }}
	{{- end }}
	securityContext:
	allowPrivilegeEscalation: false
	readOnlyRootFilesystem: true
	capabilities:
	drop:
	- ALL
	{{- if .Values.prometheus.secureMetricsPort }}
	- name: kube-rbac-proxy
	image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }}
	imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }}
	args:
	- --logtostderr
	- --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }}
	- --upstream=http://127.0.0.1:{{ .Values.prometheus.metricsPort }}/
	- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
	{{- if .Values.prometheus.controllerMetricsTLSSecret }}
	- --tls-private-key-file=/etc/metrics/tls.key
	- --tls-cert-file=/etc/metrics/tls.crt
	{{- end }}
	ports:
	- containerPort: {{ .Values.prometheus.secureMetricsPort }}
	name: metricshttps
	resources:
	requests:
	cpu: 10m
	memory: 20Mi
	terminationMessagePolicy: FallbackToLogsOnError
	{{- if .Values.prometheus.controllerMetricsTLSSecret }}
	volumeMounts:
	- name: metrics-certs
	mountPath: /etc/metrics
	readOnly: true
	{{- end }}
	{{ end }}
	nodeSelector:
	"kubernetes.io/os": linux
	{{- with .Values.controller.nodeSelector }}
	{{- toYaml . \| nindent 8 }}
	{{- end }}
	{{- with .Values.controller.affinity }}
	affinity:
	{{- toYaml . \| nindent 8 }}
	{{- end }}
	{{- with .Values.controller.tolerations }}
	tolerations:
	{{- toYaml . \| nindent 6 }}
	{{- end }}
	{{- with .Values.controller.priorityClassName }}
	priorityClassName: {{ . \| quote }}
	{{- end }}
	volumes:
	- name: cert
	secret:
	defaultMode: 420
	secretName: webhook-server-cert
	{{- if .Values.prometheus.controllerMetricsTLSSecret }}
	- name: metrics-certs
	secret:
	secretName: {{ .Values.prometheus.controllerMetricsTLSSecret }}
	{{- end }}
	{{- end }}