charts
diff --git a/charts/ingress-nginx/.helmignore b/charts/ingress-nginx/.helmignore
new file mode 100644
index 0000000..50af031
--- /dev/null
+++ b/charts/ingress-nginx/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ingress-nginx/CHANGELOG.md b/charts/ingress-nginx/CHANGELOG.md
new file mode 100644
index 0000000..fd649cc
--- /dev/null
+++ b/charts/ingress-nginx/CHANGELOG.md
@@ -0,0 +1,263 @@
+# Changelog
+
+This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org).
+
+### 4.0.3
+
+- [7707] https://github.com/kubernetes/ingress-nginx/pull/7707 Release v1.0.2 of ingress-nginx
+
+
+### 4.0.2
+
+- [7681] https://github.com/kubernetes/ingress-nginx/pull/7681 Release v1.0.1 of ingress-nginx
+
+### 4.0.1
+
+- [7535] https://github.com/kubernetes/ingress-nginx/pull/7535 Release v1.0.0 ingress-nginx
+
+### 3.34.0
+
+- [7256] https://github.com/kubernetes/ingress-nginx/pull/7256 Add namespace field in the namespace scoped resource templates
+
+### 3.33.0
+
+- [7164] https://github.com/kubernetes/ingress-nginx/pull/7164 Update nginx to v1.20.1
+
+### 3.32.0
+
+- [7117] https://github.com/kubernetes/ingress-nginx/pull/7117 Add annotations for HPA
+
+### 3.31.0
+
+- [7137] https://github.com/kubernetes/ingress-nginx/pull/7137 Add support for custom probes
+
+### 3.30.0
+
+- [#7092](https://github.com/kubernetes/ingress-nginx/pull/7092) Removes the possibility of using localhost in ExternalNames as endpoints
+
+### 3.29.0
+
+- [X] [#6945](https://github.com/kubernetes/ingress-nginx/pull/7020) Add option to specify job label for ServiceMonitor
+
+### 3.28.0
+
+- [ ] [#6900](https://github.com/kubernetes/ingress-nginx/pull/6900) Support existing PSPs
+
+### 3.27.0
+
+- Update ingress-nginx v0.45.0
+
+### 3.26.0
+
+- [X] [#6979](https://github.com/kubernetes/ingress-nginx/pull/6979) Changed servicePort value for metrics
+
+### 3.25.0
+
+- [X] [#6957](https://github.com/kubernetes/ingress-nginx/pull/6957) Add ability to specify automountServiceAccountToken
+
+### 3.24.0
+
+- [X] [#6908](https://github.com/kubernetes/ingress-nginx/pull/6908) Add volumes to default-backend deployment
+
+### 3.23.0
+
+- Update ingress-nginx v0.44.0
+
+### 3.22.0
+
+- [X] [#6802](https://github.com/kubernetes/ingress-nginx/pull/6802) Add value for configuring a custom Diffie-Hellman parameters file
+- [X] [#6815](https://github.com/kubernetes/ingress-nginx/pull/6815) Allow use of numeric namespaces in helm chart
+
+### 3.21.0
+
+- [X] [#6783](https://github.com/kubernetes/ingress-nginx/pull/6783) Add custom annotations to ScaledObject
+- [X] [#6761](https://github.com/kubernetes/ingress-nginx/pull/6761) Adding quotes in the serviceAccount name in Helm values
+- [X] [#6767](https://github.com/kubernetes/ingress-nginx/pull/6767) Remove ClusterRole when scope option is enabled
+- [X] [#6785](https://github.com/kubernetes/ingress-nginx/pull/6785) Update kube-webhook-certgen image to v1.5.1
+
+### 3.20.1
+
+- Do not create KEDA in case of DaemonSets.
+- Fix KEDA v2 definition
+
+### 3.20.0
+
+- [X] [#6730](https://github.com/kubernetes/ingress-nginx/pull/6730) Do not create HPA for defaultBackend if not enabled.
+
+### 3.19.0
+
+- Update ingress-nginx v0.43.0
+
+### 3.18.0
+
+- [X] [#6688](https://github.com/kubernetes/ingress-nginx/pull/6688) Allow volume-type emptyDir in controller podsecuritypolicy
+- [X] [#6691](https://github.com/kubernetes/ingress-nginx/pull/6691) Improve parsing of helm parameters
+
+### 3.17.0
+
+- Update ingress-nginx v0.42.0
+
+### 3.16.1
+
+- Fix chart-releaser action
+
+### 3.16.0
+
+- [X] [#6646](https://github.com/kubernetes/ingress-nginx/pull/6646) Added LoadBalancerIP value for internal service
+
+### 3.15.1
+
+- Fix chart-releaser action
+
+### 3.15.0
+
+- [X] [#6586](https://github.com/kubernetes/ingress-nginx/pull/6586) Fix 'maxmindLicenseKey' location in values.yaml
+
+### 3.14.0
+
+- [X] [#6469](https://github.com/kubernetes/ingress-nginx/pull/6469) Allow custom service names for controller and backend
+
+### 3.13.0
+
+- [X] [#6544](https://github.com/kubernetes/ingress-nginx/pull/6544) Fix default backend HPA name variable
+
+### 3.12.0
+
+- [X] [#6514](https://github.com/kubernetes/ingress-nginx/pull/6514) Remove helm2 support and update docs
+
+### 3.11.1
+
+- [X] [#6505](https://github.com/kubernetes/ingress-nginx/pull/6505) Reorder HPA resource list to work with GitOps tooling
+
+### 3.11.0
+
+- Support Keda Autoscaling
+
+### 3.10.1
+
+- Fix regression introduced in 0.41.0 with external authentication
+
+### 3.10.0
+
+- Fix routing regression introduced in 0.41.0 with PathType Exact
+
+### 3.9.0
+
+- [X] [#6423](https://github.com/kubernetes/ingress-nginx/pull/6423) Add Default backend HPA autoscaling
+
+### 3.8.0
+
+- [X] [#6395](https://github.com/kubernetes/ingress-nginx/pull/6395) Update jettech/kube-webhook-certgen image
+- [X] [#6377](https://github.com/kubernetes/ingress-nginx/pull/6377) Added loadBalancerSourceRanges for internal lbs
+- [X] [#6356](https://github.com/kubernetes/ingress-nginx/pull/6356) Add securitycontext settings on defaultbackend
+- [X] [#6401](https://github.com/kubernetes/ingress-nginx/pull/6401) Fix controller service annotations
+- [X] [#6403](https://github.com/kubernetes/ingress-nginx/pull/6403) Initial helm chart changelog
+
+### 3.7.1
+
+- [X] [#6326](https://github.com/kubernetes/ingress-nginx/pull/6326) Fix liveness and readiness probe path in daemonset chart
+
+### 3.7.0
+
+- [X] [#6316](https://github.com/kubernetes/ingress-nginx/pull/6316) Numerals in podAnnotations in quotes [#6315](https://github.com/kubernetes/ingress-nginx/issues/6315)
+
+### 3.6.0
+
+- [X] [#6305](https://github.com/kubernetes/ingress-nginx/pull/6305) Add default linux nodeSelector
+
+### 3.5.1
+
+- [X] [#6299](https://github.com/kubernetes/ingress-nginx/pull/6299) Fix helm chart release
+
+### 3.5.0
+
+- [X] [#6260](https://github.com/kubernetes/ingress-nginx/pull/6260) Allow Helm Chart to customize admission webhook's annotations, timeoutSeconds, namespaceSelector, objectSelector and cert files locations
+
+### 3.4.0
+
+- [X] [#6268](https://github.com/kubernetes/ingress-nginx/pull/6268) Update to 0.40.2 in helm chart #6288
+
+### 3.3.1
+
+- [X] [#6259](https://github.com/kubernetes/ingress-nginx/pull/6259) Release helm chart
+- [X] [#6258](https://github.com/kubernetes/ingress-nginx/pull/6258) Fix chart markdown link
+- [X] [#6253](https://github.com/kubernetes/ingress-nginx/pull/6253) Release v0.40.0
+
+### 3.3.1
+
+- [X] [#6233](https://github.com/kubernetes/ingress-nginx/pull/6233) Add admission controller e2e test
+
+### 3.3.0
+
+- [X] [#6203](https://github.com/kubernetes/ingress-nginx/pull/6203) Refactor parsing of key values
+- [X] [#6162](https://github.com/kubernetes/ingress-nginx/pull/6162) Add helm chart options to expose metrics service as NodePort
+- [X] [#6180](https://github.com/kubernetes/ingress-nginx/pull/6180) Fix helm chart admissionReviewVersions regression
+- [X] [#6169](https://github.com/kubernetes/ingress-nginx/pull/6169) Fix Typo in example prometheus rules
+
+### 3.0.0
+
+- [X] [#6167](https://github.com/kubernetes/ingress-nginx/pull/6167) Update chart requirements
+
+### 2.16.0
+
+- [X] [#6154](https://github.com/kubernetes/ingress-nginx/pull/6154) add `topologySpreadConstraint` to controller
+
+### 2.15.0
+
+- [X] [#6087](https://github.com/kubernetes/ingress-nginx/pull/6087) Adding parameter for externalTrafficPolicy in internal controller service spec
+
+### 2.14.0
+
+- [X] [#6104](https://github.com/kubernetes/ingress-nginx/pull/6104) Misc fixes for nginx-ingress chart for better keel and prometheus-operator integration
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+
+### 2.13.0
+
+- [X] [#6093](https://github.com/kubernetes/ingress-nginx/pull/6093) Release v0.35.0
+- [X] [#6080](https://github.com/kubernetes/ingress-nginx/pull/6080) Switch images to k8s.gcr.io after Vanity Domain Flip
+
+### 2.12.1
+
+- [X] [#6075](https://github.com/kubernetes/ingress-nginx/pull/6075) Sync helm chart affinity examples
+
+### 2.12.0
+
+- [X] [#6039](https://github.com/kubernetes/ingress-nginx/pull/6039) Add configurable serviceMonitor metricRelabelling and targetLabels
+- [X] [#6044](https://github.com/kubernetes/ingress-nginx/pull/6044) Fix YAML linting
+
+### 2.11.3
+
+- [X] [#6038](https://github.com/kubernetes/ingress-nginx/pull/6038) Bump chart version PATCH
+
+### 2.11.2
+
+- [X] [#5951](https://github.com/kubernetes/ingress-nginx/pull/5951) Bump chart patch version
+
+### 2.11.1
+
+- [X] [#5900](https://github.com/kubernetes/ingress-nginx/pull/5900) Release helm chart for v0.34.1
+
+### 2.11.0
+
+- [X] [#5879](https://github.com/kubernetes/ingress-nginx/pull/5879) Update helm chart for v0.34.0
+- [X] [#5671](https://github.com/kubernetes/ingress-nginx/pull/5671) Make liveness probe more fault tolerant than readiness probe
+
+### 2.10.0
+
+- [X] [#5843](https://github.com/kubernetes/ingress-nginx/pull/5843) Update jettech/kube-webhook-certgen image
+
+### 2.9.1
+
+- [X] [#5823](https://github.com/kubernetes/ingress-nginx/pull/5823) Add quoting to sysctls because numeric values need to be presented as strings (#5823)
+
+### 2.9.0
+
+- [X] [#5795](https://github.com/kubernetes/ingress-nginx/pull/5795) Use fully qualified images to avoid cri-o issues
+
+
+### TODO
+
+Keep building the changelog using *git log charts* checking the tag
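Review bot: The changelog has duplicated version headings and one mismatched link. `### 3.3.1` appears twice with different entries, and `### 2.13.0` appears twice with #6093 listed under both; merge each pair into a single section, or correct the version number if one of them is a different release. Under 3.29.0 the link text reads #6945 but the URL points to pull/7020, so one of the two is wrong. The entry prefixes are also inconsistent (`[7707] https://...`, `[#7092](...)`, `[X] [#...]`, `[ ]`); picking one form would keep the file parseable by tooling.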
diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml
new file mode 100644
index 0000000..328e7dc
--- /dev/null
+++ b/charts/ingress-nginx/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+ artifacthub.io/changes: |
+ - Upgrade lua-resty-balancer to v0.0.4 to stop coredumps
+ - Add canary backend name in metrics
+ - Add build info in metrics
+ artifacthub.io/prerelease: "false"
+apiVersion: v2
+appVersion: 1.0.2
+description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
+home: https://github.com/kubernetes/ingress-nginx
+icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
+keywords:
+- ingress
+- nginx
+kubeVersion: '>=1.19.0-0'
+maintainers:
+- name: ChiefAlexander
+name: ingress-nginx
+sources:
+- https://github.com/kubernetes/ingress-nginx
+type: application
+version: 4.0.3
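Review bot: `kubeVersion: '>=1.19.0-0'` disagrees with the README added in this same patch, whose Prerequisites section states "Kubernetes v1.16+". Helm enforces `kubeVersion` at install time, so clusters on 1.16 through 1.18 will be rejected even though the README says they are supported; update the README to match this constraint. Quoting `appVersion` ("1.0.2") would also keep it a string if a future version happens to look like a number.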
diff --git a/charts/ingress-nginx/OWNERS b/charts/ingress-nginx/OWNERS
new file mode 100644
index 0000000..6b7e049
--- /dev/null
+++ b/charts/ingress-nginx/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+
+approvers:
+- ingress-nginx-helm-maintainers
+
+reviewers:
+- ingress-nginx-helm-reviewers
+
+labels:
+- area/helm
diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md
new file mode 100644
index 0000000..fecbbcd
--- /dev/null
+++ b/charts/ingress-nginx/README.md
@@ -0,0 +1,227 @@
+# ingress-nginx
+
+[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
+
+To use, add the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
+
+This chart bootstraps an ingress-nginx deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes v1.16+
+
+## Get Repo Info
+
+```console
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo update
+```
+
+## Install Chart
+
+**Important:** only helm3 is supported
+
+```console
+helm install [RELEASE_NAME] ingress-nginx/ingress-nginx
+```
+
+The command deploys ingress-nginx on the Kubernetes cluster in the default configuration.
+
+_See [configuration](#configuration) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Uninstall Chart
+
+```console
+helm uninstall [RELEASE_NAME]
+```
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
+
+## Upgrading Chart
+
+```console
+helm upgrade [RELEASE_NAME] [CHART] --install
+```
+
+_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
+
+### Upgrading With Zero Downtime in Production
+
+By default the ingress-nginx controller has service interruptions whenever it's pods are restarted or redeployed. In order to fix that, see the excellent blog post by Lindsay Landry from Codecademy: [Kubernetes: Nginx and Zero Downtime in Production](https://medium.com/codecademy-engineering/kubernetes-nginx-and-zero-downtime-in-production-2c910c6a5ed8).
+
+### Migrating from stable/nginx-ingress
+
+There are two main ways to migrate a release from `stable/nginx-ingress` to `ingress-nginx/ingress-nginx` chart:
+
+1. For Nginx Ingress controllers used for non-critical services, the easiest method is to [uninstall](#uninstall-chart) the old release and [install](#install-chart) the new one
+1. For critical services in production that require zero-downtime, you will want to:
+ 1. [Install](#install-chart) a second Ingress controller
+ 1. Redirect your DNS traffic from the old controller to the new controller
+ 1. Log traffic from both controllers during this changeover
+ 1. [Uninstall](#uninstall-chart) the old controller once traffic has fully drained from it
+ 1. For details on all of these steps see [Upgrading With Zero Downtime in Production](#upgrading-with-zero-downtime-in-production)
+
+Note that there are some different and upgraded configurations between the two charts, described by Rimas Mocevicius from JFrog in the "Upgrading to ingress-nginx Helm chart" section of [Migrating from Helm chart nginx-ingress to ingress-nginx](https://rimusz.net/migrating-to-ingress-nginx). As the `ingress-nginx/ingress-nginx` chart continues to update, you will want to check current differences by running [helm configuration](#configuration) commands on both charts.
+
+## Configuration
+
+See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
+
+```console
+helm show values ingress-nginx/ingress-nginx
+```
+
+### PodDisruptionBudget
+
+Note that the PodDisruptionBudget resource will only be defined if the replicaCount is greater than one,
+else it would make it impossible to evacuate a node. See [gh issue #7127](https://github.com/helm/charts/issues/7127) for more info.
+
+### Prometheus Metrics
+
+The Nginx ingress controller can export Prometheus metrics, by setting `controller.metrics.enabled` to `true`.
+
+You can add Prometheus annotations to the metrics service using `controller.metrics.service.annotations`.
+Alternatively, if you use the Prometheus Operator, you can enable ServiceMonitor creation using `controller.metrics.serviceMonitor.enabled`. And set `controller.metrics.serviceMonitor.additionalLabels.release="prometheus"`. "release=prometheus" should match the label configured in the prometheus servicemonitor ( see `kubectl get servicemonitor prometheus-kube-prom-prometheus -oyaml -n prometheus`)
+
+### ingress-nginx nginx\_status page/stats server
+
+Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
+
+- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
+- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
+ You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
+
+### ExternalDNS Service Configuration
+
+Add an [ExternalDNS](https://github.com/kubernetes-incubator/external-dns) annotation to the LoadBalancer service:
+
+```yaml
+controller:
+ service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: kubernetes-example.com.
+```
+
+### AWS L7 ELB with SSL Termination
+
+Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml):
+
+```yaml
+controller:
+ service:
+ targetPorts:
+ http: http
+ https: http
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
+ service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
+ service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
+```
+
+### AWS route53-mapper
+
+To configure the LoadBalancer service with the [route53-mapper addon](https://github.com/kubernetes/kops/tree/master/addons/route53-mapper), add the `domainName` annotation and `dns` label:
+
+```yaml
+controller:
+ service:
+ labels:
+ dns: "route53"
+ annotations:
+ domainName: "kubernetes-example.com"
+```
+
+### Additional Internal Load Balancer
+
+This setup is useful when you need both external and internal load balancers but don't want to have multiple ingress controllers and multiple ingress objects per application.
+
+By default, the ingress object will point to the external load balancer address, but if correctly configured, you can make use of the internal one if the URL you are looking up resolves to the internal load balancer's URL.
+
+You'll need to set both the following values:
+
+`controller.service.internal.enabled`
+`controller.service.internal.annotations`
+
+If one of them is missing the internal load balancer will not be deployed. Example you may have `controller.service.internal.enabled=true` but no annotations set, in this case no action will be taken.
+
+`controller.service.internal.annotations` varies with the cloud service you're using.
+
+Example for AWS:
+
+```yaml
+controller:
+ service:
+ internal:
+ enabled: true
+ annotations:
+ # Create internal ELB
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+Example for GCE:
+
+```yaml
+controller:
+ service:
+ internal:
+ enabled: true
+ annotations:
+ # Create internal LB. More informations: https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing
+ # For GKE versions 1.17 and later
+ networking.gke.io/load-balancer-type: "Internal"
+ # For earlier versions
+ # cloud.google.com/load-balancer-type: "Internal"
+
+ # Any other annotation can be declared here.
+```
+
+Example for Azure:
+
+```yaml
+controller:
+ service:
+ annotations:
+ # Create internal LB
+ service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+Example for Oracle Cloud Infrastructure:
+
+```yaml
+controller:
+ service:
+ annotations:
+ # Create internal LB
+ service.beta.kubernetes.io/oci-load-balancer-internal: "true"
+ # Any other annotation can be declared here.
+```
+
+An use case for this scenario is having a split-view DNS setup where the public zone CNAME records point to the external balancer URL while the private zone CNAME records point to the internal balancer URL. This way, you only need one ingress kubernetes object.
+
+Optionally you can set `controller.service.loadBalancerIP` if you need a static IP for the resulting `LoadBalancer`.
+
+### Ingress Admission Webhooks
+
+With nginx-ingress-controller version 0.25+, the nginx ingress controller pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent bad ingress from being added to the cluster.
+**This feature is enabled by default since 0.31.0.**
+
+With nginx-ingress-controller in 0.25.* work only with kubernetes 1.14+, 0.26 fix [this issue](https://github.com/kubernetes/ingress-nginx/pull/4521)
+
+### Helm Error When Upgrading: spec.clusterIP: Invalid value: ""
+
+If you are upgrading this chart from a version between 0.31.0 and 1.2.2 then you may get an error like this:
+
+```console
+Error: UPGRADE FAILED: Service "?????-controller" is invalid: spec.clusterIP: Invalid value: "": field is immutable
+```
+
+Detail of how and why are in [this issue](https://github.com/helm/charts/pull/13646) but to resolve this you can set `xxxx.service.omitClusterIP` to `true` where `xxxx` is the service referenced in the error.
+
+As of version `1.26.0` of this chart, by simply not providing any clusterIP value, `invalid: spec.clusterIP: Invalid value: "": field is immutable` will no longer occur since `clusterIP: ""` will not be rendered.
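Review bot: In the "Additional Internal Load Balancer" section, the Azure and Oracle Cloud Infrastructure examples set the internal annotation under `controller.service.annotations` and have no `internal:` or `enabled: true` keys, although the text just above says both `controller.service.internal.enabled` and `controller.service.internal.annotations` must be set, and the AWS and GCE examples do so. As written, those two examples annotate the main controller service rather than adding a second, internal one; nest them under `controller.service.internal` with `enabled: true`. Separately, the "Helm Error When Upgrading" section cites chart versions 0.31.0 to 1.2.2 and 1.26.0, none of which fall in the range this chart's CHANGELOG covers (2.9.0 to 4.0.3); say which chart those numbers refer to, or drop the section if it no longer applies.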
diff --git a/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml b/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml
new file mode 100644
index 0000000..b28a232
--- /dev/null
+++ b/charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml
@@ -0,0 +1,7 @@
+controller:
+ watchIngressWithoutClass: true
+ ingressClassResource:
+ name: custom-nginx
+ enabled: true
+ default: true
+ controllerValue: "k8s.io/custom-nginx"
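Review bot: This values file has no `controller.image` override (`repository: ingress-controller/controller`, `tag: 1.0.0-dev`, `digest: null`), and it does not set `admissionWebhooks` or `service.type: ClusterIP`, which nearly every other ci/ file in this patch does. If that image block is what points the chart tests at the locally built controller, this case will run against the chart's default image and service type instead; add the same block here, or note in a comment why this case is different.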
diff --git a/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml b/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml
new file mode 100644
index 0000000..4393a5b
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-customconfig-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ kind: DaemonSet
+ allowSnippetAnnotations: false
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+ config:
+ use-proxy-protocol: "true"
diff --git a/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml
new file mode 100644
index 0000000..1d94be2
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml
@@ -0,0 +1,22 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/daemonset-headers-values.yaml b/charts/ingress-nginx/ci/daemonset-headers-values.yaml
new file mode 100644
index 0000000..ab7d47b
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-headers-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml b/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml
new file mode 100644
index 0000000..0a200a7
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-internal-lb-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ internal:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
diff --git a/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml b/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml
new file mode 100644
index 0000000..3b7aa2f
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-nodeport-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
diff --git a/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml b/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml
new file mode 100644
index 0000000..0b55306
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-podannotations-values.yaml
@@ -0,0 +1,17 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
+ podAnnotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "10254"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
new file mode 100644
index 0000000..acd86a7
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,20 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml
new file mode 100644
index 0000000..25ee64d
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-tcp-udp-values.yaml
@@ -0,0 +1,16 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/daemonset-tcp-values.yaml b/charts/ingress-nginx/ci/daemonset-tcp-values.yaml
new file mode 100644
index 0000000..380c8b4
--- /dev/null
+++ b/charts/ingress-nginx/ci/daemonset-tcp-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deamonset-default-values.yaml b/charts/ingress-nginx/ci/deamonset-default-values.yaml
new file mode 100644
index 0000000..82fa23e
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-default-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
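Review bot: The file name is spelled `deamonset-default-values.yaml`, while the other DaemonSet cases in this patch use `daemonset-`. The same misspelling is in `deamonset-metrics-values.yaml`, `deamonset-psp-values.yaml`, `deamonset-webhook-and-psp-values.yaml` and `deamonset-webhook-values.yaml`. Rename them to `daemonset-*` so that a glob or filter on the prefix picks up every DaemonSet case.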
diff --git a/charts/ingress-nginx/ci/deamonset-metrics-values.yaml b/charts/ingress-nginx/ci/deamonset-metrics-values.yaml
new file mode 100644
index 0000000..cb3cb54
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-metrics-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deamonset-psp-values.yaml b/charts/ingress-nginx/ci/deamonset-psp-values.yaml
new file mode 100644
index 0000000..8026a63
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-psp-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml b/charts/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml
new file mode 100644
index 0000000..fccdb13
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-webhook-and-psp-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deamonset-webhook-values.yaml b/charts/ingress-nginx/ci/deamonset-webhook-values.yaml
new file mode 100644
index 0000000..54d364d
--- /dev/null
+++ b/charts/ingress-nginx/ci/deamonset-webhook-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ kind: DaemonSet
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml b/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml
new file mode 100644
index 0000000..dca3f35
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-autoscaling-behavior-values.yaml
@@ -0,0 +1,14 @@
+controller:
+ autoscaling:
+ enabled: true
+ behavior:
+ scaleDown:
+ stabilizationWindowSeconds: 300
+ policies:
+ - type: Pods
+ value: 1
+ periodSeconds: 180
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
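Review bot: The `controller.image` block is missing here, whereas `deployment-autoscaling-values.yaml` in the same patch sets `repository: ingress-controller/controller`, `tag: 1.0.0-dev` and `digest: null`. Without it, the autoscaling-behavior case tests a different image from its sibling; add the block so that the two cases differ only in the `behavior` stanza.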
diff --git a/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml b/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml
new file mode 100644
index 0000000..b8b3ac6
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-autoscaling-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ autoscaling:
+ enabled: true
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-customconfig-values.yaml b/charts/ingress-nginx/ci/deployment-customconfig-values.yaml
new file mode 100644
index 0000000..1749418
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-customconfig-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ config:
+ use-proxy-protocol: "true"
+ allowSnippetAnnotations: false
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml b/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml
new file mode 100644
index 0000000..a564eaf
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-customnodeport-values.yaml
@@ -0,0 +1,20 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
+ nodePorts:
+ tcp:
+ 9000: 30090
+ udp:
+ 9001: 30091
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-default-values.yaml b/charts/ingress-nginx/ci/deployment-default-values.yaml
new file mode 100644
index 0000000..9f46b4e
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-default-values.yaml
@@ -0,0 +1,8 @@
+# Left blank to test default values
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
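Review bot: The leading comment says "Left blank to test default values", but the file is not blank: it overrides `controller.image` and `controller.service.type`. Reword the comment to say which values are overridden for CI and that everything else is left at chart defaults, so a reader does not assume this case exercises the default image and service type.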
diff --git a/charts/ingress-nginx/ci/deployment-headers-values.yaml b/charts/ingress-nginx/ci/deployment-headers-values.yaml
new file mode 100644
index 0000000..17a11ac
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-headers-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ addHeaders:
+ X-Frame-Options: deny
+ proxySetHeaders:
+ X-Forwarded-Proto: https
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml
new file mode 100644
index 0000000..fd8df8d
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-internal-lb-values.yaml
@@ -0,0 +1,13 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ internal:
+ enabled: true
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-internal: "true"
diff --git a/charts/ingress-nginx/ci/deployment-metrics-values.yaml b/charts/ingress-nginx/ci/deployment-metrics-values.yaml
new file mode 100644
index 0000000..9209ad5
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-metrics-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/ci/deployment-nodeport-values.yaml b/charts/ingress-nginx/ci/deployment-nodeport-values.yaml
new file mode 100644
index 0000000..cd9b323
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-nodeport-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: NodePort
diff --git a/charts/ingress-nginx/ci/deployment-podannotations-values.yaml b/charts/ingress-nginx/ci/deployment-podannotations-values.yaml
new file mode 100644
index 0000000..b48d93c
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-podannotations-values.yaml
@@ -0,0 +1,16 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ metrics:
+ enabled: true
+ service:
+ type: ClusterIP
+ podAnnotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "10254"
+ prometheus.io/scheme: http
+ prometheus.io/scrape: "true"
diff --git a/charts/ingress-nginx/ci/deployment-psp-values.yaml b/charts/ingress-nginx/ci/deployment-psp-values.yaml
new file mode 100644
index 0000000..2f332a7
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-psp-values.yaml
@@ -0,0 +1,10 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml
new file mode 100644
index 0000000..c51a4e9
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-tcp-udp-configMapNamespace-values.yaml
@@ -0,0 +1,19 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+ tcp:
+ configMapNamespace: default
+ udp:
+ configMapNamespace: default
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml
new file mode 100644
index 0000000..5b45b69
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-tcp-udp-values.yaml
@@ -0,0 +1,15 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: false
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+
+udp:
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-tcp-values.yaml b/charts/ingress-nginx/ci/deployment-tcp-values.yaml
new file mode 100644
index 0000000..ac0b6e6
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-tcp-values.yaml
@@ -0,0 +1,11 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ service:
+ type: ClusterIP
+
+tcp:
+ 9000: "default/test:8080"
+ 9001: "default/test:8080"
diff --git a/charts/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml
new file mode 100644
index 0000000..6195bb3
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-webhook-and-psp-values.yaml
@@ -0,0 +1,12 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
+
+podSecurityPolicy:
+ enabled: true
diff --git a/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml
new file mode 100644
index 0000000..49ebbb0
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-webhook-resources-values.yaml
@@ -0,0 +1,23 @@
+controller:
+ service:
+ type: ClusterIP
+ admissionWebhooks:
+ enabled: true
+ createSecretJob:
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ patchWebhookJob:
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ patch:
+ enabled: true
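Review bot: Unlike the other CI values files in this patch, this one has no `controller.image` block (`repository: ingress-controller/controller`, `tag: 1.0.0-dev`, `digest: null`), so this scenario runs against the chart's default image rather than the dev image the other scenarios use. Add the same override if that is unintended.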
diff --git a/charts/ingress-nginx/ci/deployment-webhook-values.yaml b/charts/ingress-nginx/ci/deployment-webhook-values.yaml
new file mode 100644
index 0000000..76669a5
--- /dev/null
+++ b/charts/ingress-nginx/ci/deployment-webhook-values.yaml
@@ -0,0 +1,9 @@
+controller:
+ image:
+ repository: ingress-controller/controller
+ tag: 1.0.0-dev
+ digest: null
+ admissionWebhooks:
+ enabled: true
+ service:
+ type: ClusterIP
diff --git a/charts/ingress-nginx/templates/NOTES.txt b/charts/ingress-nginx/templates/NOTES.txt
new file mode 100644
index 0000000..03ece9c
--- /dev/null
+++ b/charts/ingress-nginx/templates/NOTES.txt
@@ -0,0 +1,71 @@
+The ingress-nginx controller has been installed.
+
+{{- if contains "NodePort" .Values.controller.service.type }}
+Get the application URL by running these commands:
+
+{{- if (not (empty .Values.controller.service.nodePorts.http)) }}
+ export HTTP_NODE_PORT={{ .Values.controller.service.nodePorts.http }}
+{{- else }}
+ export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
+{{- end }}
+{{- if (not (empty .Values.controller.service.nodePorts.https)) }}
+ export HTTPS_NODE_PORT={{ .Values.controller.service.nodePorts.https }}
+{{- else }}
+ export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ include "ingress-nginx.controller.fullname" . }})
+{{- end }}
+ export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}")
+
+ echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP."
+ echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS."
+{{- else if contains "LoadBalancer" .Values.controller.service.type }}
+It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status by running 'kubectl --namespace {{ .Release.Namespace }} get services -o wide -w {{ include "ingress-nginx.controller.fullname" . }}'
+{{- else if contains "ClusterIP" .Values.controller.service.type }}
+Get the application URL by running these commands:
+ export POD_NAME=$(kubectl --namespace {{ .Release.Namespace }} get pods -o jsonpath="{.items[0].metadata.name}" -l "app={{ template "ingress-nginx.name" . }},component={{ .Values.controller.name }},release={{ .Release.Name }}")
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+ echo "Visit http://127.0.0.1:8080 to access your application."
+{{- end }}
+
+An example Ingress that makes use of the controller:
+
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ annotations:
+ kubernetes.io/ingress.class: {{ .Values.controller.ingressClassResource.name }}
+ name: example
+ namespace: foo
+ spec:
+ rules:
+ - host: www.example.com
+ http:
+ paths:
+ - backend:
+ serviceName: exampleService
+ servicePort: 80
+ path: /
+ # This section is only required if TLS is to be enabled for the Ingress
+ tls:
+ - hosts:
+ - www.example.com
+ secretName: example-tls
+
+If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
+
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: example-tls
+ namespace: foo
+ data:
+ tls.crt: <base64 encoded cert>
+ tls.key: <base64 encoded key>
+ type: kubernetes.io/tls
+
+{{- if .Values.controller.headers }}
+#################################################################################
+###### WARNING: `controller.headers` has been deprecated! #####
+###### It has been renamed to `controller.proxySetHeaders`. #####
+#################################################################################
+{{- end }}
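Review bot: The example Ingress declares `apiVersion: networking.k8s.io/v1`, but its backend still uses the v1beta1 fields `serviceName` and `servicePort` and the path has no `pathType`, so the manifest as printed is not valid for the v1 API. Suggest `service.name: exampleService` with `service.port.number: 80`, plus `pathType: Prefix`. Separately, the ClusterIP branch selects pods with `app=`, `component=` and `release=` labels, while the label helpers in `_helpers.tpl` in this patch emit `app.kubernetes.io/name` and `app.kubernetes.io/instance`, so `POD_NAME` will likely come back empty; switch the selector to those labels.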
diff --git a/charts/ingress-nginx/templates/_helpers.tpl b/charts/ingress-nginx/templates/_helpers.tpl
new file mode 100644
index 0000000..8b1fd09
--- /dev/null
+++ b/charts/ingress-nginx/templates/_helpers.tpl
@@ -0,0 +1,134 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ingress-nginx.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ingress-nginx.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "ingress-nginx.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified controller name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "ingress-nginx.controller.fullname" -}}
+{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the path for the publish-service.
+
+By convention this will simply use the <namespace>/<controller-name> to match the name of the
+service generated.
+
+Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
+
+*/}}
+{{- define "ingress-nginx.controller.publishServicePath" -}}
+{{- $defServiceName := printf "%s/%s" "$(POD_NAMESPACE)" (include "ingress-nginx.controller.fullname" .) -}}
+{{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified default backend name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "ingress-nginx.defaultBackend.fullname" -}}
+{{- printf "%s-%s" (include "ingress-nginx.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "ingress-nginx.labels" -}}
+helm.sh/chart: {{ include "ingress-nginx.chart" . }}
+{{ include "ingress-nginx.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ingress-nginx.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ingress-nginx.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "ingress-nginx.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "ingress-nginx.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
+*/}}
+{{- define "ingress-nginx.defaultBackend.serviceAccountName" -}}
+{{- if .Values.defaultBackend.serviceAccount.create -}}
+ {{ default (printf "%s-backend" (include "ingress-nginx.fullname" .)) .Values.defaultBackend.serviceAccount.name }}
+{{- else -}}
+ {{ default "default-backend" .Values.defaultBackend.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Check the ingress controller version tag is at most three versions behind the last release
+*/}}
+{{- define "isControllerTagValid" -}}
+{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
+{{- fail "Controller container image tag should be 0.27.0 or higher" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+IngressClass parameters.
+*/}}
+{{- define "ingressClass.parameters" -}}
+ {{- if .Values.controller.ingressClassResource.parameters -}}
+ parameters:
+{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4}}
+ {{ end }}
+{{- end -}}
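Review bot: The comment on `isControllerTagValid` says the tag must be "at most three versions behind the last release", but the check is a fixed floor, `semverCompare ">=0.27.0-0"`, which does not move with releases. Either reword the comment to state the fixed minimum or derive the floor from `.Chart.AppVersion`, so the documented guarantee and the enforced one match.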
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
new file mode 100644
index 0000000..fd762f9
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
@@ -0,0 +1,31 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+rules:
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ {{- with .Values.controller.admissionWebhooks.existingPsp }}
+ - {{ . }}
+ {{- else }}
+ - {{ include "ingress-nginx.fullname" . }}-admission
+ {{- end }}
+{{- end }}
+{{- end }}
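Review bot: The first rule grants `get` and `update` on every `validatingwebhookconfigurations` object in the cluster, although the patch job only targets `--webhook-name={{ include "ingress-nginx.fullname" . }}-admission`; add `resourceNames` with that name so the hook's service account cannot rewrite other webhooks. In the PSP rule, `apiGroups: ['extensions']` is hard-coded even though `_helpers.tpl` defines `podSecurityPolicy.apiGroup` and `psp.yaml` creates the policy under `policy/v1beta1`; use the helper so the `use` grant matches the group the policy is served from.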
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
new file mode 100644
index 0000000..4990fb1
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
new file mode 100644
index 0000000..1f58bdc
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -0,0 +1,64 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-create
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+spec:
+{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+{{- end }}
+ template:
+ metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-create
+ {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 8 }}
+ app.kubernetes.io/component: admission-webhook
+ spec:
+ {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: create
+ {{- with .Values.controller.admissionWebhooks.patch.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
+ args:
+ - create
+ - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc
+ - --namespace=$(POD_NAMESPACE)
+ - --secret-name={{ include "ingress-nginx.fullname" . }}-admission
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }}
+ resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
+ tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
+{{- end }}
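Review bot: The pod `securityContext` at the end of the template sets only `runAsNonRoot` and `runAsUser`; `allowPrivilegeEscalation: false` and dropping all capabilities are enforced only through `psp.yaml`, which is rendered only when `podSecurityPolicy.enabled` is true. Suggest a container-level `securityContext` on the `create` container with `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]`, so the job is constrained without PSP as well. The same applies to the `patch` container in `job-patchWebhook.yaml`.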
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
new file mode 100644
index 0000000..6d01ad2
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
@@ -0,0 +1,66 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-patch
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+spec:
+{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
+ # Alpha feature since k8s 1.12
+ ttlSecondsAfterFinished: 0
+{{- end }}
+ template:
+ metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission-patch
+ {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 8 }}
+ app.kubernetes.io/component: admission-webhook
+ spec:
+ {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: patch
+ {{- with .Values.controller.admissionWebhooks.patch.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
+ args:
+ - patch
+ - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
+ - --namespace=$(POD_NAMESPACE)
+ - --patch-mutating=false
+ - --secret-name={{ include "ingress-nginx.fullname" . }}-admission
+ - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }}
+ resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
+ tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
+ {{- end }}
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
+{{- end }}
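Review bot: `--patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}` has no fallback, while `validating-webhook.yaml` renders the same value with `| default "Fail"`. If the value is unset, the job receives an empty flag value and the two templates can disagree about the policy; apply the same `| default "Fail"` here.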
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
new file mode 100644
index 0000000..d2c7de6
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled .Values.podSecurityPolicy.enabled (empty .Values.controller.admissionWebhooks.existingPsp) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+{{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
new file mode 100644
index 0000000..9b083ee
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+{{- end }}
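Review bot: The `secrets` rule grants `get` on every Secret in the release namespace, although both jobs only work with `--secret-name={{ include "ingress-nginx.fullname" . }}-admission`. Split the rule: keep `create` unrestricted (RBAC cannot match `resourceNames` on create requests) and limit `get` with `resourceNames` to that one Secret.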
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
new file mode 100644
index 0000000..edda07f
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
new file mode 100644
index 0000000..1ff0f7f
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+{{- end }}
diff --git a/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
new file mode 100644
index 0000000..712f74f
--- /dev/null
+++ b/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.controller.admissionWebhooks.enabled -}}
+# before changing this value, check the required kubernetes version
+# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ {{- if .Values.controller.admissionWebhooks.annotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: admission-webhook
+ name: {{ include "ingress-nginx.fullname" . }}-admission
+webhooks:
+ - name: validate.nginx.ingress.kubernetes.io
+ matchPolicy: Equivalent
+ rules:
+ - apiGroups:
+ - networking.k8s.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ingresses
+ failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }}
+ sideEffects: None
+ admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ namespace: {{ .Release.Namespace | quote }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}-admission
+ path: /networking/v1/ingresses
+ {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
+ timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.namespaceSelector }}
+ namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.objectSelector }}
+ objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
+ {{- end }}
+{{- end }}
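Review bot: `clientConfig` carries no `caBundle`, and this template is gated only on `admissionWebhooks.enabled`, while the jobs that create the certificate and patch the configuration also require `admissionWebhooks.patch.enabled`. With patching disabled and `failurePolicy` defaulting to `Fail`, nothing in this patch supplies the CA, so calls to the webhook would fail TLS verification unless the serving certificate chains to a CA the API server already trusts, and Ingress CREATE/UPDATE requests would then be rejected. Either document that the operator must inject the CA bundle in that mode or expose a value for it.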
diff --git a/charts/ingress-nginx/templates/clusterrole.yaml b/charts/ingress-nginx/templates/clusterrole.yaml
new file mode 100644
index 0000000..c1f901d
--- /dev/null
+++ b/charts/ingress-nginx/templates/clusterrole.yaml
@@ -0,0 +1,81 @@
+{{- if .Values.rbac.create }}
+
+{{- if and .Values.rbac.scope (not .Values.controller.scope.enabled) -}}
+ {{ required "Invalid configuration: 'rbac.scope' should be equal to 'controller.scope.enabled' (true/false)." (index (dict) ".") }}
+{{- end }}
+
+{{- if not .Values.rbac.scope -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ name: {{ include "ingress-nginx.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+{{- if and .Values.controller.scope.enabled .Values.controller.scope.namespace }}
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ resourceNames:
+ - "{{ .Values.controller.scope.namespace }}"
+ verbs:
+ - get
+{{- end }}
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
+
+{{- end }}
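Review bot: The ClusterRole is rendered whenever `rbac.scope` is false, including when `controller.scope.enabled` and `controller.scope.namespace` are set, so a controller limited to one namespace still receives cluster-wide `list`/`watch` on `secrets`. The guard at the top only rejects `rbac.scope` without `controller.scope.enabled`; consider flagging or documenting the inverse combination so namespaced installs end up with a namespaced Role. Minor: the `required ... (index (dict) ".")` construct can be replaced with `fail`, as `_helpers.tpl` already does.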
diff --git a/charts/ingress-nginx/templates/clusterrolebinding.yaml b/charts/ingress-nginx/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..81be52b
--- /dev/null
+++ b/charts/ingress-nginx/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create (not .Values.rbac.scope) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ name: {{ include "ingress-nginx.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "ingress-nginx.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ingress-nginx.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml
new file mode 100644
index 0000000..e0b7a0f
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-addheaders.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.controller.addHeaders -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.fullname" . }}-custom-add-headers
+ namespace: {{ .Release.Namespace }}
+data: {{ toYaml .Values.controller.addHeaders | nindent 2 }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml
new file mode 100644
index 0000000..91f22f0
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-proxyheaders.yaml
@@ -0,0 +1,16 @@
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
+ namespace: {{ .Release.Namespace }}
+data:
+{{- if .Values.controller.proxySetHeaders }}
+{{ toYaml .Values.controller.proxySetHeaders | indent 2 }}
+{{ else if and .Values.controller.headers (not .Values.controller.proxySetHeaders) }}
+{{ toYaml .Values.controller.headers | indent 2 }}
+{{- end }}
+{{- end }}
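Review bot: the `else if and .Values.controller.headers (not .Values.controller.proxySetHeaders)` branch repeats a condition the `else` already guarantees, so `(not .Values.controller.proxySetHeaders)` can be dropped. The effect is that `proxySetHeaders` silently wins when both values are set; a template comment stating that precedence (and that `controller.headers` is the fallback) would save the next reader from working it out. The `{{ else if` without a leading `-` also leaves a blank line in the rendered `data:` block.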
diff --git a/charts/ingress-nginx/templates/controller-configmap-tcp.yaml b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml
new file mode 100644
index 0000000..aaf336f
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-tcp.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.tcp -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- if .Values.controller.tcp.annotations }}
+ annotations: {{ toYaml .Values.controller.tcp.annotations | nindent 4 }}
+{{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-tcp
+ namespace: {{ .Release.Namespace }}
+data: {{ tpl (toYaml .Values.tcp) . | nindent 2 }}
+{{- end }}
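Review bot: in the `data:` line, `tpl (toYaml .Values.tcp) .` renders every value as a template with the full chart context, unlike the add-headers and proxy-headers ConfigMaps, which use plain `toYaml`. That is worth a comment in the template, because a literal `{{` in a service mapping will be evaluated rather than passed through. Separately, the resource is gated on `.Values.tcp` but reads annotations from `.Values.controller.tcp.annotations`, so rendering depends on `controller.tcp` always being defined; a `with` or `default dict` guard would make that explicit. The same two points apply to the -udp template that follows.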
diff --git a/charts/ingress-nginx/templates/controller-configmap-udp.yaml b/charts/ingress-nginx/templates/controller-configmap-udp.yaml
new file mode 100644
index 0000000..7f46791
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap-udp.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.udp -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- if .Values.controller.udp.annotations }}
+ annotations: {{ toYaml .Values.controller.udp.annotations | nindent 4 }}
+{{- end }}
+ name: {{ include "ingress-nginx.fullname" . }}-udp
+ namespace: {{ .Release.Namespace }}
+data: {{ tpl (toYaml .Values.udp) . | nindent 2 }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml
new file mode 100644
index 0000000..6973892
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-configmap.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- if .Values.controller.configAnnotations }}
+ annotations: {{ toYaml .Values.controller.configAnnotations | nindent 4 }}
+{{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+data:
+ allow-snippet-annotations: "{{ .Values.controller.allowSnippetAnnotations }}"
+{{- if .Values.controller.addHeaders }}
+ add-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-add-headers
+{{- end }}
+{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
+ proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
+{{- end }}
+{{- if .Values.dhParam }}
+ ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }}
+{{- end }}
+{{- range $key, $value := .Values.controller.config }}
+ {{ $key | nindent 2 }}: {{ $value | quote }}
+{{- end }}
+
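Review bot: `allow-snippet-annotations` is rendered unconditionally as the first `data` key, and the `range` over `.Values.controller.config` at the end can emit the same key again, giving a ConfigMap with a duplicate key whose effective value depends on the YAML parser. Since this setting decides whether Ingress authors may supply configuration snippets, it should have exactly one source: either skip that key inside the range or `fail` when `controller.config` contains it. The same duplication is possible for `add-headers`, `proxy-set-headers` and `ssl-dh-param`.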
diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml
new file mode 100644
index 0000000..68291ed
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-daemonset.yaml
@@ -0,0 +1,256 @@
+{{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}}
+{{- include "isControllerTagValid" . -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.controller.annotations }}
+ annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- if .Values.controller.updateStrategy }}
+ updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
+ {{- end }}
+ minReadySeconds: {{ .Values.controller.minReadySeconds }}
+ template:
+ metadata:
+ {{- if .Values.controller.podAnnotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.podLabels }}
+ {{- toYaml .Values.controller.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.controller.dnsConfig }}
+ dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.hostname }}
+ hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.controller.dnsPolicy }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.priorityClassName }}
+ priorityClassName: {{ .Values.controller.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
+ securityContext:
+ {{- end }}
+ {{- if .Values.controller.podSecurityContext }}
+ {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.sysctls }}
+ sysctls:
+ {{- range $sysctl, $value := .Values.controller.sysctls }}
+ - name: {{ $sysctl | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.controller.containerName }}
+ {{- with .Values.controller.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+ {{- if .Values.controller.lifecycle }}
+ lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
+ {{- end }}
+ args:
+ - /nginx-ingress-controller
+ {{- if .Values.defaultBackend.enabled }}
+ - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
+ {{- end }}
+ {{- if .Values.controller.publishService.enabled }}
+ - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
+ {{- end }}
+ - --election-id={{ .Values.controller.electionID }}
+ - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }}
+ - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }}
+ {{- if .Values.tcp }}
+ - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp
+ {{- end }}
+ {{- if .Values.udp }}
+ - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp
+ {{- end }}
+ {{- if .Values.controller.scope.enabled }}
+ - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
+ {{- end }}
+ {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
+ - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
+ - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
+ - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
+ {{- end }}
+ {{- if .Values.controller.maxmindMirror }}
+ - --maxmind-mirror={{ .Values.controller.maxmindMirror }}
+ {{- end}}
+ {{- if .Values.controller.maxmindLicenseKey }}
+ - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
+ {{- end }}
+ {{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
+ - --health-check-path={{ .Values.controller.healthCheckPath }}
+ {{- end }}
+ {{- if .Values.controller.healthCheckHost }}
+ - --healthz-host={{ .Values.controller.healthCheckHost }}
+ {{- end }}
+ {{- if .Values.controller.ingressClassByName }}
+ - --ingress-class-by-name=true
+ {{- end }}
+ {{- if .Values.controller.watchIngressWithoutClass }}
+ - --watch-ingress-without-class=true
+ {{- end }}
+ {{- range $key, $value := .Values.controller.extraArgs }}
+ {{- /* Accept keys without values or with false as value */}}
+ {{- if eq ($value | quote | len) 2 }}
+ - --{{ $key }}
+ {{- else }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+ {{- end }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+ runAsUser: {{ .Values.controller.image.runAsUser }}
+ allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.controller.enableMimalloc }}
+ - name: LD_PRELOAD
+ value: /usr/local/lib/libmimalloc.so
+ {{- end }}
+ {{- if .Values.controller.extraEnvs }}
+ {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.startupProbe }}
+ startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
+ {{- end }}
+ livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
+ readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
+ ports:
+ {{- range $key, $value := .Values.controller.containerPort }}
+ - name: {{ $key }}
+ containerPort: {{ $value }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.metrics.enabled }}
+ - name: metrics
+ containerPort: {{ .Values.controller.metrics.port }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook
+ containerPort: {{ .Values.controller.admissionWebhooks.port }}
+ protocol: TCP
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ containerPort: {{ $key }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ containerPort: {{ $key }}
+ protocol: UDP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
+ volumeMounts:
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - mountPath: /etc/nginx/template
+ name: nginx-template-volume
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ mountPath: /usr/local/certificates/
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.extraVolumeMounts }}
+ {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.resources }}
+ resources: {{ toYaml .Values.controller.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.extraContainers }}
+ {{ toYaml .Values.controller.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.extraInitContainers }}
+ initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.hostNetwork }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+ {{- end }}
+ {{- if .Values.controller.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.tolerations }}
+ tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.affinity }}
+ affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.topologySpreadConstraints }}
+ topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
+ terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
+ volumes:
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - name: nginx-template-volume
+ configMap:
+ name: {{ .Values.controller.customTemplate.configMapName }}
+ items:
+ - key: {{ .Values.controller.customTemplate.configMapKey }}
+ path: nginx.tmpl
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ secret:
+ secretName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- end }}
+ {{- if .Values.controller.extraVolumes }}
+ {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
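Review bot: in the `args:` list, `--maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}` puts a credential into the pod spec and the process command line, where anyone who can read the DaemonSet or pods sees it. Prefer reading it from a Secret (for example an env var with `secretKeyRef`) if the controller supports that, or at least document the exposure next to the value. Also in `args:`, the comment "Accept keys without values or with false as value" does not match the test `eq ($value | quote | len) 2`, which only matches an empty string; a value of `false` quotes to `"false"` and is rendered as `--key=false`. Fix the comment or the condition.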
diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml
new file mode 100644
index 0000000..24714a5
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-deployment.yaml
@@ -0,0 +1,257 @@
+{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
+{{- include "isControllerTagValid" . -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.controller.annotations }}
+ annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+ {{- if not .Values.controller.autoscaling.enabled }}
+ replicas: {{ .Values.controller.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- if .Values.controller.updateStrategy }}
+ strategy:
+ {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
+ {{- end }}
+ minReadySeconds: {{ .Values.controller.minReadySeconds }}
+ template:
+ metadata:
+ {{- if .Values.controller.podAnnotations }}
+ annotations:
+ {{- range $key, $value := .Values.controller.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.podLabels }}
+ {{- toYaml .Values.controller.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.controller.dnsConfig }}
+ dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.hostname }}
+ hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
+ {{- end }}
+ dnsPolicy: {{ .Values.controller.dnsPolicy }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.priorityClassName }}
+ priorityClassName: {{ .Values.controller.priorityClassName }}
+ {{- end }}
+ {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
+ securityContext:
+ {{- end }}
+ {{- if .Values.controller.podSecurityContext }}
+ {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.sysctls }}
+ sysctls:
+ {{- range $sysctl, $value := .Values.controller.sysctls }}
+ - name: {{ $sysctl | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.controller.containerName }}
+ {{- with .Values.controller.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+ {{- if .Values.controller.lifecycle }}
+ lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
+ {{- end }}
+ args:
+ - /nginx-ingress-controller
+ {{- if .Values.defaultBackend.enabled }}
+ - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }}
+ {{- end }}
+ {{- if .Values.controller.publishService.enabled }}
+ - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }}
+ {{- end }}
+ - --election-id={{ .Values.controller.electionID }}
+ - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }}
+ - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }}
+ {{- if .Values.tcp }}
+ - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp
+ {{- end }}
+ {{- if .Values.udp }}
+ - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp
+ {{- end }}
+ {{- if .Values.controller.scope.enabled }}
+ - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }}
+ {{- end }}
+ {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }}
+ - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }}
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }}
+ - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }}
+ - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }}
+ {{- end }}
+ {{- if .Values.controller.maxmindLicenseKey }}
+ - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }}
+ {{- end }}
+ {{- if .Values.controller.healthCheckHost }}
+ - --healthz-host={{ .Values.controller.healthCheckHost }}
+ {{- end }}
+ {{- if not (eq .Values.controller.healthCheckPath "/healthz") }}
+ - --health-check-path={{ .Values.controller.healthCheckPath }}
+ {{- end }}
+ {{- if .Values.controller.ingressClassByName }}
+ - --ingress-class-by-name=true
+ {{- end }}
+ {{- if .Values.controller.watchIngressWithoutClass }}
+ - --watch-ingress-without-class=true
+ {{- end }}
+ {{- range $key, $value := .Values.controller.extraArgs }}
+ {{- /* Accept keys without values or with false as value */}}
+ {{- if eq ($value | quote | len) 2 }}
+ - --{{ $key }}
+ {{- else }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+ {{- end }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+ runAsUser: {{ .Values.controller.image.runAsUser }}
+ allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.controller.enableMimalloc }}
+ - name: LD_PRELOAD
+ value: /usr/local/lib/libmimalloc.so
+ {{- end }}
+ {{- if .Values.controller.extraEnvs }}
+ {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.startupProbe }}
+ startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
+ {{- end }}
+ livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
+ readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
+ ports:
+ {{- range $key, $value := .Values.controller.containerPort }}
+ - name: {{ $key }}
+ containerPort: {{ $value }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.metrics.enabled }}
+ - name: metrics
+ containerPort: {{ .Values.controller.metrics.port }}
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook
+ containerPort: {{ .Values.controller.admissionWebhooks.port }}
+ protocol: TCP
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ containerPort: {{ $key }}
+ protocol: TCP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ containerPort: {{ $key }}
+ protocol: UDP
+ {{- if $.Values.controller.hostPort.enabled }}
+ hostPort: {{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }}
+ volumeMounts:
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - mountPath: /etc/nginx/template
+ name: nginx-template-volume
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ mountPath: /usr/local/certificates/
+ readOnly: true
+ {{- end }}
+ {{- if .Values.controller.extraVolumeMounts }}
+ {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.resources }}
+ resources: {{ toYaml .Values.controller.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.controller.extraContainers }}
+ {{ toYaml .Values.controller.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.extraInitContainers }}
+ initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.hostNetwork }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+ {{- end }}
+ {{- if .Values.controller.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.tolerations }}
+ tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.affinity }}
+ affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
+ {{- end }}
+ {{- if .Values.controller.topologySpreadConstraints }}
+ topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
+ terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
+ {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }}
+ volumes:
+ {{- if .Values.controller.customTemplate.configMapName }}
+ - name: nginx-template-volume
+ configMap:
+ name: {{ .Values.controller.customTemplate.configMapName }}
+ items:
+ - key: {{ .Values.controller.customTemplate.configMapKey }}
+ path: nginx.tmpl
+ {{- end }}
+ {{- if .Values.controller.admissionWebhooks.enabled }}
+ - name: webhook-cert
+ secret:
+ secretName: {{ include "ingress-nginx.fullname" . }}-admission
+ {{- end }}
+ {{- if .Values.controller.extraVolumes }}
+ {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
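Review bot: the `args:` list here has no `--maxmind-mirror` entry, while the DaemonSet template renders one from `.Values.controller.maxmindMirror`, so that value is silently ignored when `controller.kind` is `Deployment`. The order of `--healthz-host` and `--health-check-path` also differs between the two files, which suggests the pod specs were copied and have already drifted. Moving the shared container spec (args, securityContext, env, ports, volumeMounts) into one named template that both workloads `include` would remove this class of bug.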
diff --git a/charts/ingress-nginx/templates/controller-hpa.yaml b/charts/ingress-nginx/templates/controller-hpa.yaml
new file mode 100644
index 0000000..876315f
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-hpa.yaml
@@ -0,0 +1,49 @@
+{{- if and .Values.controller.autoscaling.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+{{- if not .Values.controller.keda.enabled }}
+
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+ annotations:
+ {{- with .Values.controller.autoscaling.annotations }}
+ {{- toYaml . | trimSuffix "\n" | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.controller.autoscalingTemplate }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+ {{- with .Values.controller.autoscaling.behavior }}
+ behavior:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
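Review bot: under `metadata:`, the `annotations:` key is emitted even when `.Values.controller.autoscaling.annotations` is empty, leaving a null-valued key in the manifest; move the key inside the `with` block. The `apiVersion: autoscaling/v2beta2` is also hard-coded, whereas the PodDisruptionBudget template in this patch selects its API version from `.Capabilities.KubeVersion.Version`; the same approach would keep the two consistent. If none of the memory, CPU or `autoscalingTemplate` values is set, `metrics:` renders empty, which deserves a `fail` or a documented default.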
diff --git a/charts/ingress-nginx/templates/controller-ingressclass.yaml b/charts/ingress-nginx/templates/controller-ingressclass.yaml
new file mode 100644
index 0000000..9492784
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-ingressclass.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.controller.ingressClassResource.enabled -}}
+# We don't support namespaced ingressClass yet
+# So a ClusterRole and a ClusterRoleBinding is required
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- with .Values.controller.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ .Values.controller.ingressClassResource.name }}
+{{- if .Values.controller.ingressClassResource.default }}
+ annotations:
+ ingressclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+spec:
+ controller: {{ .Values.controller.ingressClassResource.controllerValue }}
+ {{ template "ingressClass.parameters" . }}
+{{- end }}
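Review bot: the last line of `spec:` uses `{{ template "ingressClass.parameters" . }}`, whose output cannot be piped, so the indentation of the rendered `parameters` block depends entirely on how the helper is written. Use `include "ingressClass.parameters" . | nindent 2` as the rest of the chart does for labels. The two-line comment at the top about ClusterRole and ClusterRoleBinding describes RBAC rather than this resource; it would read better in the RBAC templates, or reworded to say what it means for IngressClass here.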
diff --git a/charts/ingress-nginx/templates/controller-keda.yaml b/charts/ingress-nginx/templates/controller-keda.yaml
new file mode 100644
index 0000000..c7eebf5
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-keda.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.controller.keda.enabled (or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both")) -}}
+# https://keda.sh/docs/
+
+apiVersion: {{ .Values.controller.keda.apiVersion }}
+kind: ScaledObject
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ {{- if .Values.controller.keda.scaledObject.annotations }}
+ annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+{{- if eq .Values.controller.keda.apiVersion "keda.k8s.io/v1alpha1" }}
+ deploymentName: {{ include "ingress-nginx.controller.fullname" . }}
+{{- else if eq .Values.controller.keda.apiVersion "keda.sh/v1alpha1" }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+{{- end }}
+ pollingInterval: {{ .Values.controller.keda.pollingInterval }}
+ cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
+ minReplicaCount: {{ .Values.controller.keda.minReplicas }}
+ maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
+ triggers:
+{{- with .Values.controller.keda.triggers }}
+{{ toYaml . | indent 2 }}
+{{ end }}
+ advanced:
+ restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }}
+{{- if .Values.controller.keda.behavior }}
+ horizontalPodAutoscalerConfig:
+ behavior:
+{{ with .Values.controller.keda.behavior -}}
+{{ toYaml . | indent 8 }}
+{{ end }}
+
+{{- end }}
+{{- end }}
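Review bot: `metadata:` has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced resources in this patch (ConfigMaps, DaemonSet, Deployment, HPA, PDB), so the ScaledObject's namespace depends on how the manifest is applied. Add the field for consistency. In `scaleTargetRef:`, the `if`/`else if` on `.Values.controller.keda.apiVersion` has no final `else`, so any other value renders an empty `scaleTargetRef`; add an `else` that calls `fail` with the supported values.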
diff --git a/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
new file mode 100644
index 0000000..9556f58
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
@@ -0,0 +1,16 @@
+{{- if or (and .Values.controller.autoscaling.enabled (gt (.Values.controller.autoscaling.minReplicas | int) 1)) (and (not .Values.controller.autoscaling.enabled) (gt (.Values.controller.replicaCount | int) 1)) }}
+apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+ minAvailable: {{ .Values.controller.minAvailable }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-prometheusrules.yaml b/charts/ingress-nginx/templates/controller-prometheusrules.yaml
new file mode 100644
index 0000000..ca54275
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-prometheusrules.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.controller.metrics.enabled .Values.controller.metrics.prometheusRule.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+{{- if .Values.controller.metrics.prometheusRule.namespace }}
+ namespace: {{ .Values.controller.metrics.prometheusRule.namespace | quote }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
+ {{- toYaml .Values.controller.metrics.prometheusRule.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.controller.metrics.prometheusRule.rules }}
+ groups:
+ - name: {{ template "ingress-nginx.name" . }}
+ rules: {{- toYaml .Values.controller.metrics.prometheusRule.rules | nindent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-psp.yaml b/charts/ingress-nginx/templates/controller-psp.yaml
new file mode 100644
index 0000000..bdb8563
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-psp.yaml
@@ -0,0 +1,86 @@
+{{- if and .Values.podSecurityPolicy.enabled (empty .Values.controller.existingPsp) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+spec:
+ allowedCapabilities:
+ - NET_BIND_SERVICE
+{{- if .Values.controller.sysctls }}
+ allowedUnsafeSysctls:
+ {{- range $sysctl, $value := .Values.controller.sysctls }}
+ - {{ $sysctl }}
+ {{- end }}
+{{- end }}
+ privileged: false
+ allowPrivilegeEscalation: true
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ #- 'projected'
+ - 'secret'
+ #- 'downwardAPI'
+{{- if .Values.controller.hostNetwork }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+{{- end }}
+{{- if or .Values.controller.hostNetwork .Values.controller.hostPort.enabled }}
+ hostPorts:
+{{- if .Values.controller.hostNetwork }}
+{{- range $key, $value := .Values.controller.containerPort }}
+ # {{ $key }}
+ - min: {{ $value }}
+ max: {{ $value }}
+{{- end }}
+{{- else if .Values.controller.hostPort.enabled }}
+{{- range $key, $value := .Values.controller.hostPort.ports }}
+ # {{ $key }}
+ - min: {{ $value }}
+ max: {{ $value }}
+{{- end }}
+{{- end }}
+{{- if .Values.controller.metrics.enabled }}
+ # metrics
+ - min: {{ .Values.controller.metrics.port }}
+ max: {{ .Values.controller.metrics.port }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.enabled }}
+ # admission webhooks
+ - min: {{ .Values.controller.admissionWebhooks.port }}
+ max: {{ .Values.controller.admissionWebhooks.port }}
+{{- end }}
+{{- range $key, $value := .Values.tcp }}
+ # {{ $key }}-tcp
+ - min: {{ $key }}
+ max: {{ $key }}
+{{- end }}
+{{- range $key, $value := .Values.udp }}
+ # {{ $key }}-udp
+ - min: {{ $key }}
+ max: {{ $key }}
+{{- end }}
+{{- end }}
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ seLinux:
+ rule: 'RunAsAny'
+{{- end }}
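Review bot: `allowPrivilegeEscalation: true` and `readOnlyRootFilesystem: false` are hard-coded in the spec, so the policy stays permissive even if an operator sets `controller.image.allowPrivilegeEscalation` to false in values.yaml. Render `allowPrivilegeEscalation` from that value so the PSP and the container securityContext cannot drift apart. It is also worth a comment on `allowedUnsafeSysctls`, since every key under `controller.sysctls` is whitelisted as an unsafe sysctl without any filtering.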
diff --git a/charts/ingress-nginx/templates/controller-role.yaml b/charts/ingress-nginx/templates/controller-role.yaml
new file mode 100644
index 0000000..97c627d
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-role.yaml
@@ -0,0 +1,90 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ .Values.controller.electionID }}
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+{{- if .Values.podSecurityPolicy.enabled }}
+ - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ {{- with .Values.controller.existingPsp }}
+ resourceNames: [{{ . }}]
+ {{- else }}
+ resourceNames: [{{ include "ingress-nginx.fullname" . }}]
+ {{- end }}
+{{- end }}
+{{- end }}
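Review bot: the second rule grants `get`, `list` and `watch` on `secrets` in the same block as `configmaps`, `pods` and `endpoints`, so the controller's ServiceAccount can read every Secret in the release namespace. Split `secrets` into its own rule with a comment stating why the access is needed, so the grant is easy to audit, and document that the release namespace should not hold unrelated Secrets. In the PSP rule at the end, `resourceNames: [{{ . }}]` is unquoted inside a flow sequence; piping the name through `quote` avoids a parse surprise for unusual `existingPsp` values.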
diff --git a/charts/ingress-nginx/templates/controller-rolebinding.yaml b/charts/ingress-nginx/templates/controller-rolebinding.yaml
new file mode 100644
index 0000000..5ec3bc7
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "ingress-nginx.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ingress-nginx.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
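Review bot: `metadata.namespace` is rendered unquoted while `subjects[0].namespace` uses `| quote`, so the two references to the same value are typed differently. A release namespace consisting only of digits would render the unquoted field as a YAML integer and fail validation. Quote both, and apply the same fix to the other templates in this patch that emit `namespace: {{ .Release.Namespace }}`.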
diff --git a/charts/ingress-nginx/templates/controller-service-internal.yaml b/charts/ingress-nginx/templates/controller-service-internal.yaml
new file mode 100644
index 0000000..5994498
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service-internal.yaml
@@ -0,0 +1,79 @@
+{{- if and .Values.controller.service.enabled .Values.controller.service.internal.enabled .Values.controller.service.internal.annotations}}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ {{- range $key, $value := .Values.controller.service.internal.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.service.labels }}
+ {{- toYaml .Values.controller.service.labels | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: "{{ .Values.controller.service.type }}"
+{{- if .Values.controller.service.internal.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.service.internal.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.service.internal.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.service.internal.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.service.internal.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controller.service.internal.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
+ {{- if .Values.controller.service.enableHttp }}
+ - name: http
+ port: {{ .Values.controller.service.ports.http }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.http }}
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: http
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.http }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.service.enableHttps }}
+ - name: https
+ port: {{ .Values.controller.service.ports.https }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.https }}
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: https
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.https }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ port: {{ $key }}
+ protocol: TCP
+ targetPort: {{ $key }}-tcp
+ {{- if $.Values.controller.service.nodePorts.tcp }}
+ {{- if index $.Values.controller.service.nodePorts.tcp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ port: {{ $key }}
+ protocol: UDP
+ targetPort: {{ $key }}-udp
+ {{- if $.Values.controller.service.nodePorts.udp }}
+ {{- if index $.Values.controller.service.nodePorts.udp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
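Review bot: the `nodePort` fields read `.Values.controller.service.nodePorts.*`, the same keys that controller-service.yaml uses, so when both Services are rendered with explicit node ports they request identical ports and one of them is rejected. Read them from a separate map under `controller.service.internal` (a key this patch would need to add) or omit `nodePort` from the internal Service. Separately, the opening `if` requires `internal.annotations` to be non-empty, so setting `internal.enabled: true` alone silently renders nothing; a `fail` with a clear message would make that visible.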
diff --git a/charts/ingress-nginx/templates/controller-service-metrics.yaml b/charts/ingress-nginx/templates/controller-service-metrics.yaml
new file mode 100644
index 0000000..1b69019
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service-metrics.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.controller.metrics.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.metrics.service.annotations }}
+ annotations: {{ toYaml .Values.controller.metrics.service.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.metrics.service.labels }}
+ {{- toYaml .Values.controller.metrics.service.labels | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}-metrics
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.controller.metrics.service.type }}
+{{- if .Values.controller.metrics.service.clusterIP }}
+ clusterIP: {{ .Values.controller.metrics.service.clusterIP }}
+{{- end }}
+{{- if .Values.controller.metrics.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.metrics.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.metrics.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.metrics.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.metrics.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.metrics.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controller.metrics.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ - name: metrics
+ port: {{ .Values.controller.metrics.service.servicePort }}
+ targetPort: metrics
+ {{- $setNodePorts := (or (eq .Values.controller.metrics.service.type "NodePort") (eq .Values.controller.metrics.service.type "LoadBalancer")) }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.metrics.service.nodePort))) }}
+ nodePort: {{ .Values.controller.metrics.service.nodePort }}
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
diff --git a/charts/ingress-nginx/templates/controller-service-webhook.yaml b/charts/ingress-nginx/templates/controller-service-webhook.yaml
new file mode 100644
index 0000000..ae3b1fc
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service-webhook.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.controller.admissionWebhooks.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.controller.admissionWebhooks.service.annotations }}
+ annotations: {{ toYaml .Values.controller.admissionWebhooks.service.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ include "ingress-nginx.controller.fullname" . }}-admission
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.controller.admissionWebhooks.service.type }}
+{{- if .Values.controller.admissionWebhooks.service.clusterIP }}
+ clusterIP: {{ .Values.controller.admissionWebhooks.service.clusterIP }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.controller.admissionWebhooks.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.admissionWebhooks.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.admissionWebhooks.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+ ports:
+ - name: https-webhook
+ port: 443
+ targetPort: webhook
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: https
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
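Review bot: `type`, `externalIPs` and `loadBalancerIP` are all values-driven for the Service that fronts the admission webhook, and `loadBalancerSourceRanges` is optional, so a values override can publish the webhook endpoint outside the cluster with no source restriction. The webhook only has to be reachable by the API server, so consider dropping `externalIPs` and the load balancer fields from this template, or at least documenting in values.yaml that `ClusterIP` is the expected type.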
diff --git a/charts/ingress-nginx/templates/controller-service.yaml b/charts/ingress-nginx/templates/controller-service.yaml
new file mode 100644
index 0000000..9248818
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-service.yaml
@@ -0,0 +1,91 @@
+{{- if .Values.controller.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ {{- range $key, $value := .Values.controller.service.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.service.labels }}
+ {{- toYaml .Values.controller.service.labels | nindent 4 }}
+ {{- end }}
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.controller.service.type }}
+{{- if .Values.controller.service.clusterIP }}
+ clusterIP: {{ .Values.controller.service.clusterIP }}
+{{- end }}
+{{- if .Values.controller.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.controller.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controller.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controller.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.controller.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+{{- if .Values.controller.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
+{{- end }}
+{{- if .Values.controller.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
+{{- end }}
+{{- if .Values.controller.service.healthCheckNodePort }}
+ healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
+{{- end }}
+ ports:
+ {{- $setNodePorts := (or (eq .Values.controller.service.type "NodePort") (eq .Values.controller.service.type "LoadBalancer")) }}
+ {{- if .Values.controller.service.enableHttp }}
+ - name: http
+ port: {{ .Values.controller.service.ports.http }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.http }}
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: http
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.http))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.http }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.controller.service.enableHttps }}
+ - name: https
+ port: {{ .Values.controller.service.ports.https }}
+ protocol: TCP
+ targetPort: {{ .Values.controller.service.targetPorts.https }}
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: https
+ {{- end }}
+ {{- if (and $setNodePorts (not (empty .Values.controller.service.nodePorts.https))) }}
+ nodePort: {{ .Values.controller.service.nodePorts.https }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.tcp }}
+ - name: {{ $key }}-tcp
+ port: {{ $key }}
+ protocol: TCP
+ targetPort: {{ $key }}-tcp
+ {{- if $.Values.controller.service.nodePorts.tcp }}
+ {{- if index $.Values.controller.service.nodePorts.tcp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.udp }}
+ - name: {{ $key }}-udp
+ port: {{ $key }}
+ protocol: UDP
+ targetPort: {{ $key }}-udp
+ {{- if $.Values.controller.service.nodePorts.udp }}
+ {{- if index $.Values.controller.service.nodePorts.udp $key }}
+ nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
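Review bot: `healthCheckNodePort` is emitted whenever the value is set, regardless of `type` and `externalTrafficPolicy`. The API server only accepts that field for `type: LoadBalancer` combined with `externalTrafficPolicy: Local`, so any other combination fails at apply time rather than at render time. Wrap the block in a condition on both values. As a smaller point, `annotations:` is rendered unconditionally here, while the metrics and webhook Service templates guard it with an `if`; pick one style.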
diff --git a/charts/ingress-nginx/templates/controller-serviceaccount.yaml b/charts/ingress-nginx/templates/controller-serviceaccount.yaml
new file mode 100644
index 0000000..50a718d
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if or .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ name: {{ template "ingress-nginx.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
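Review bot: `{{- if or .Values.serviceAccount.create -}}` calls `or` with a single argument, which is equivalent to the bare value and reads like a second condition was dropped. Either restore the missing operand or simplify to `{{- if .Values.serviceAccount.create -}}`. Since `automountServiceAccountToken` is taken straight from values, a comment in values.yaml on what the controller needs the token for would help operators decide whether it can be disabled.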
diff --git a/charts/ingress-nginx/templates/controller-servicemonitor.yaml b/charts/ingress-nginx/templates/controller-servicemonitor.yaml
new file mode 100644
index 0000000..17894c8
--- /dev/null
+++ b/charts/ingress-nginx/templates/controller-servicemonitor.yaml
@@ -0,0 +1,45 @@
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.controller.metrics.enabled .Values.controller.metrics.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "ingress-nginx.controller.fullname" . }}
+{{- if .Values.controller.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.controller.metrics.serviceMonitor.namespace | quote }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
+ {{- toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ interval: {{ .Values.controller.metrics.serviceMonitor.scrapeInterval }}
+ {{- if .Values.controller.metrics.serviceMonitor.honorLabels }}
+ honorLabels: true
+ {{- end }}
+ {{- if .Values.controller.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.controller.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+{{- if .Values.controller.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.controller.metrics.serviceMonitor.jobLabel | quote }}
+{{- end }}
+{{- if .Values.controller.metrics.serviceMonitor.namespaceSelector }}
+ namespaceSelector: {{ toYaml .Values.controller.metrics.serviceMonitor.namespaceSelector | nindent 4 }}
+{{ else }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
+{{- if .Values.controller.metrics.serviceMonitor.targetLabels }}
+ targetLabels:
+ {{- range .Values.controller.metrics.serviceMonitor.targetLabels }}
+ - {{ . }}
+ {{- end }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: controller
+{{- end }}
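Review bot: `{{ else }}` in the `namespaceSelector` block has no trim markers, unlike the surrounding `{{- if }}` and `{{- end }}` actions, so it leaves stray blank lines in the rendered spec. Use `{{- else }}` for consistency. The capability check in the opening `if` also means the ServiceMonitor is skipped without any message when the `monitoring.coreos.com/v1` API is absent; a line in NOTES.txt or the values comments would save users from wondering why `serviceMonitor.enabled: true` produced nothing.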
diff --git a/charts/ingress-nginx/templates/default-backend-deployment.yaml b/charts/ingress-nginx/templates/default-backend-deployment.yaml
new file mode 100644
index 0000000..9934526
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml
@@ -0,0 +1,112 @@
+{{- if .Values.defaultBackend.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: default-backend
+{{- if not .Values.defaultBackend.autoscaling.enabled }}
+ replicas: {{ .Values.defaultBackend.replicaCount }}
+{{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata:
+ {{- if .Values.defaultBackend.podAnnotations }}
+ annotations: {{ toYaml .Values.defaultBackend.podAnnotations | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: default-backend
+ {{- if .Values.defaultBackend.podLabels }}
+ {{- toYaml .Values.defaultBackend.podLabels | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.priorityClassName }}
+ priorityClassName: {{ .Values.defaultBackend.priorityClassName }}
+ {{- end }}
+ {{- if .Values.defaultBackend.podSecurityContext }}
+ securityContext: {{ toYaml .Values.defaultBackend.podSecurityContext | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ template "ingress-nginx.name" . }}-default-backend
+ {{- with .Values.defaultBackend.image }}
+ image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
+ {{- if .Values.defaultBackend.extraArgs }}
+ args:
+ {{- range $key, $value := .Values.defaultBackend.extraArgs }}
+ {{- /* Accept keys without values or with false as value */}}
+ {{- if eq ($value | quote | len) 2 }}
+ - --{{ $key }}
+ {{- else }}
+ - --{{ $key }}={{ $value }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
+ runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
+ allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
+ readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
+ {{- if .Values.defaultBackend.extraEnvs }}
+ env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.defaultBackend.port }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.livenessProbe.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: {{ .Values.defaultBackend.port }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.defaultBackend.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.defaultBackend.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.defaultBackend.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.defaultBackend.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.defaultBackend.readinessProbe.failureThreshold }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.defaultBackend.port }}
+ protocol: TCP
+ {{- if .Values.defaultBackend.extraVolumeMounts }}
+ volumeMounts: {{- toYaml .Values.defaultBackend.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.resources }}
+ resources: {{ toYaml .Values.defaultBackend.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.defaultBackend.nodeSelector | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
+ {{- if .Values.defaultBackend.tolerations }}
+ tolerations: {{ toYaml .Values.defaultBackend.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.defaultBackend.affinity }}
+ affinity: {{ toYaml .Values.defaultBackend.affinity | nindent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: 60
+ {{- if .Values.defaultBackend.extraVolumes }}
+ volumes: {{ toYaml .Values.defaultBackend.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- end }}
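Review bot: the comment in the `extraArgs` loop says keys "with false as value" are accepted as bare flags, but the test `eq ($value | quote | len) 2` only matches an empty string, because only `""` quotes to two characters. A value of `false` quotes to seven characters and falls through to `--{{ $key }}={{ $value }}`. Correct the comment or add an explicit branch for false so the behaviour matches what is documented.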
diff --git a/charts/ingress-nginx/templates/default-backend-hpa.yaml b/charts/ingress-nginx/templates/default-backend-hpa.yaml
new file mode 100644
index 0000000..e31fda3
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-hpa.yaml
@@ -0,0 +1,30 @@
+{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ template "ingress-nginx.defaultBackend.fullname" . }}
+ minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
+ metrics:
+{{- with .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ . }}
+{{- end }}
+{{- end }}
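Review bot: if neither `targetCPUUtilizationPercentage` nor `targetMemoryUtilizationPercentage` is set, both `with` blocks are skipped and `metrics:` renders with no entries, so nothing in the manifest states the scaling target. Guard against that with a `fail` or a documented default. The `apiVersion: autoscaling/v2beta1` is also hard-coded, while default-backend-poddisruptionbudget.yaml selects its API version from `.Capabilities.KubeVersion.Version`; the same approach here would keep the two templates consistent.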
diff --git a/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml
new file mode 100644
index 0000000..9e586aa
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml
@@ -0,0 +1,16 @@
+{{- if or (gt (.Values.defaultBackend.replicaCount | int) 1) (gt (.Values.defaultBackend.autoscaling.minReplicas | int) 1) }}
+apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: default-backend
+ minAvailable: {{ .Values.defaultBackend.minAvailable }}
+{{- end }}
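Review bot: the opening `if` never checks `.Values.defaultBackend.enabled`, so a PodDisruptionBudget is rendered whenever `replicaCount` or `autoscaling.minReplicas` is above 1, even when the default backend Deployment itself is disabled. The `minReplicas` branch is also taken when `autoscaling.enabled` is false. Wrap the condition in `and .Values.defaultBackend.enabled (...)` and only consider `minReplicas` when autoscaling is enabled.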
diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml
new file mode 100644
index 0000000..716dbf1
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-psp.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled (empty .Values.defaultBackend.existingPsp) -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-role.yaml b/charts/ingress-nginx/templates/default-backend-role.yaml
new file mode 100644
index 0000000..5d29a2d
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-role.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups: [{{ template "podSecurityPolicy.apiGroup" . }}]
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ {{- with .Values.defaultBackend.existingPsp }}
+ resourceNames: [{{ . }}]
+ {{- else }}
+ resourceNames: [{{ include "ingress-nginx.fullname" . }}-backend]
+ {{- end }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-rolebinding.yaml b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml
new file mode 100644
index 0000000..4a9cb92
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "ingress-nginx.fullname" . }}-backend
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-service.yaml b/charts/ingress-nginx/templates/default-backend-service.yaml
new file mode 100644
index 0000000..f59eb1e
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-service.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.defaultBackend.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.defaultBackend.service.annotations }}
+ annotations: {{ toYaml .Values.defaultBackend.service.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ name: {{ include "ingress-nginx.defaultBackend.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: {{ .Values.defaultBackend.service.type }}
+{{- if .Values.defaultBackend.service.clusterIP }}
+ clusterIP: {{ .Values.defaultBackend.service.clusterIP }}
+{{- end }}
+{{- if .Values.defaultBackend.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | nindent 4 }}
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.defaultBackend.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.defaultBackend.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{ toYaml .Values.defaultBackend.service.loadBalancerSourceRanges | nindent 4 }}
+{{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.defaultBackend.service.servicePort }}
+ protocol: TCP
+ targetPort: http
+ {{- if semverCompare ">=1.20" .Capabilities.KubeVersion.Version }}
+ appProtocol: http
+ {{- end }}
+ selector:
+ {{- include "ingress-nginx.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+{{- end }}
diff --git a/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml
new file mode 100644
index 0000000..0c00e93
--- /dev/null
+++ b/charts/ingress-nginx/templates/default-backend-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ {{- include "ingress-nginx.labels" . | nindent 4 }}
+ app.kubernetes.io/component: default-backend
+ name: {{ template "ingress-nginx.defaultBackend.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+automountServiceAccountToken: {{ .Values.defaultBackend.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/ingress-nginx/templates/dh-param-secret.yaml b/charts/ingress-nginx/templates/dh-param-secret.yaml
new file mode 100644
index 0000000..12e7a4f
--- /dev/null
+++ b/charts/ingress-nginx/templates/dh-param-secret.yaml
@@ -0,0 +1,10 @@
+{{- with .Values.dhParam -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ingress-nginx.controller.fullname" $ }}
+ labels:
+ {{- include "ingress-nginx.labels" $ | nindent 4 }}
+data:
+ dhparam.pem: {{ . }}
+{{- end }}
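Review bot: `metadata` has no `namespace`, while the other namespaced templates in this patch set `namespace: {{ .Release.Namespace }}`; add it here so the Secret does not depend on the namespace of the applying context. `dhparam.pem: {{ . }}` sits under `data`, so the value must already be base64-encoded, and it is rendered unquoted; add a comment stating the expected encoding and pipe the value through `quote`.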
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
new file mode 100644
index 0000000..602b7f5
--- /dev/null
+++ b/charts/ingress-nginx/values.yaml
@@ -0,0 +1,856 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
+##
+
+## Overrides for generated resource names
+# See templates/_helpers.tpl
+# nameOverride:
+# fullnameOverride:
+
+controller:
+ name: controller
+ image:
+ registry: k8s.gcr.io
+ image: ingress-nginx/controller
+ # for backwards compatibility consider setting the full image url via the repository value below
+ # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
+ # repository:
+ tag: "v1.0.2"
+ digest: sha256:85b53b493d6d658d8c013449223b0ffd739c76d76dc9bf9000786669ec04e049
+ pullPolicy: IfNotPresent
+ # www-data -> uid 101
+ runAsUser: 101
+ allowPrivilegeEscalation: true
+
+ # Use an existing PSP instead of creating one
+ existingPsp: ""
+
+ # Configures the controller container name
+ containerName: controller
+
+ # Configures the ports the nginx-controller listens on
+ containerPort:
+ http: 80
+ https: 443
+
+ # Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
+ config: {}
+
+ ## Annotations to be added to the controller config configuration configmap
+ ##
+ configAnnotations: {}
+
+ # Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers
+ proxySetHeaders: {}
+
+ # Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers
+ addHeaders: {}
+
+ # Optionally customize the pod dnsConfig.
+ dnsConfig: {}
+
+ # Optionally customize the pod hostname.
+ hostname: {}
+
+ # Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.
+ # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller
+ # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.
+ dnsPolicy: ClusterFirst
+
+ # Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network
+ # Ingress status was blank because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply
+ reportNodeInternalIp: false
+
+ # Process Ingress objects without ingressClass annotation/ingressClassName field
+ # Overrides value for --watch-ingress-without-class flag of the controller binary
+ # Defaults to false
+ watchIngressWithoutClass: false
+
+ # Process IngressClass per name (additionally as per spec.controller)
+ ingressClassByName: false
+
+ # This configuration defines if Ingress Controller should allow users to set
+ # their own *-snippet annotations, otherwise this is forbidden / dropped
+ # when users add those annotations.
+ # Global snippets in ConfigMap are still respected
+ allowSnippetAnnotations: true
+
+ # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
+ # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
+ # is merged
+ hostNetwork: false
+
+ ## Use host ports 80 and 443
+ ## Disabled by default
+ ##
+ hostPort:
+ enabled: false
+ ports:
+ http: 80
+ https: 443
+
+ ## Election ID to use for status update
+ ##
+ electionID: ingress-controller-leader
+
+ # This section refers to the creation of the IngressClass resource
+ # IngressClass resources are supported since k8s >= 1.18 and required since k8s >= 1.19
+ ingressClassResource:
+ name: nginx
+ enabled: true
+ default: false
+ controllerValue: "k8s.io/ingress-nginx"
+
+ # Parameters is a link to a custom resource containing additional
+ # configuration for the controller. This is optional if the controller
+ # does not require extra parameters.
+ parameters: {}
+
+ # labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ ## Security Context policies for controller pods
+ ##
+ podSecurityContext: {}
+
+ ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
+ ## notes on enabling and using sysctls
+ ###
+ sysctls: {}
+ # sysctls:
+ # "net.core.somaxconn": "8192"
+
+ ## Allows customization of the source of the IP address or FQDN to report
+ ## in the ingress status field. By default, it reads the information provided
+ ## by the service. If disable, the status field reports the IP address of the
+ ## node or nodes where an ingress controller pod is running.
+ publishService:
+ enabled: true
+ ## Allows overriding of the publish service to bind to
+ ## Must be <namespace>/<service_name>
+ ##
+ pathOverride: ""
+
+ ## Limit the scope of the controller
+ ##
+ scope:
+ enabled: false
+ namespace: "" # defaults to $(POD_NAMESPACE)
+
+ ## Allows customization of the configmap / nginx-configmap namespace
+ ##
+ configMapNamespace: "" # defaults to $(POD_NAMESPACE)
+
+ ## Allows customization of the tcp-services-configmap
+ ##
+ tcp:
+ configMapNamespace: "" # defaults to $(POD_NAMESPACE)
+ ## Annotations to be added to the tcp config configmap
+ annotations: {}
+
+ ## Allows customization of the udp-services-configmap
+ ##
+ udp:
+ configMapNamespace: "" # defaults to $(POD_NAMESPACE)
+ ## Annotations to be added to the udp config configmap
+ annotations: {}
+
+ # Maxmind license key to download GeoLite2 Databases
+ # https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases
+ maxmindLicenseKey: ""
+
+ ## Additional command line arguments to pass to nginx-ingress-controller
+ ## E.g. to specify the default SSL certificate you can use
+ ## extraArgs:
+ ## default-ssl-certificate: "<namespace>/<secret_name>"
+ extraArgs: {}
+
+ ## Additional environment variables to set
+ extraEnvs: []
+ # extraEnvs:
+ # - name: FOO
+ # valueFrom:
+ # secretKeyRef:
+ # key: FOO
+ # name: secret-resource
+
+ ## DaemonSet or Deployment
+ ##
+ kind: Deployment
+
+ ## Annotations to be added to the controller Deployment or DaemonSet
+ ##
+ annotations: {}
+ # keel.sh/pollSchedule: "@every 60m"
+
+ ## Labels to be added to the controller Deployment or DaemonSet
+ ##
+ labels: {}
+ # keel.sh/policy: patch
+ # keel.sh/trigger: poll
+
+
+ # The update strategy to apply to the Deployment or DaemonSet
+ ##
+ updateStrategy: {}
+ # rollingUpdate:
+ # maxUnavailable: 1
+ # type: RollingUpdate
+
+ # minReadySeconds to avoid killing pods before we are ready
+ ##
+ minReadySeconds: 0
+
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ ## Affinity and anti-affinity
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+ # # An example of preferred pod anti-affinity, weight is in the range 1-100
+ # podAntiAffinity:
+ # preferredDuringSchedulingIgnoredDuringExecution:
+ # - weight: 100
+ # podAffinityTerm:
+ # labelSelector:
+ # matchExpressions:
+ # - key: app.kubernetes.io/name
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/instance
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/component
+ # operator: In
+ # values:
+ # - controller
+ # topologyKey: kubernetes.io/hostname
+
+ # # An example of required pod anti-affinity
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - labelSelector:
+ # matchExpressions:
+ # - key: app.kubernetes.io/name
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/instance
+ # operator: In
+ # values:
+ # - ingress-nginx
+ # - key: app.kubernetes.io/component
+ # operator: In
+ # values:
+ # - controller
+ # topologyKey: "kubernetes.io/hostname"
+
+ ## Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ # - maxSkew: 1
+ # topologyKey: failure-domain.beta.kubernetes.io/zone
+ # whenUnsatisfiable: DoNotSchedule
+ # labelSelector:
+ # matchLabels:
+ # app.kubernetes.io/instance: ingress-nginx-internal
+
+ ## terminationGracePeriodSeconds
+ ## wait up to five minutes for the drain of connections
+ ##
+ terminationGracePeriodSeconds: 300
+
+ ## Node labels for controller pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ ## Liveness and readiness probe values
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ # startupProbe:
+ # httpGet:
+ # # should match container.healthCheckPath
+ # path: "/healthz"
+ # port: 10254
+ # scheme: HTTP
+ # initialDelaySeconds: 5
+ # periodSeconds: 5
+ # timeoutSeconds: 2
+ # successThreshold: 1
+ # failureThreshold: 5
+ livenessProbe:
+ httpGet:
+ # should match container.healthCheckPath
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ # should match container.healthCheckPath
+ path: "/healthz"
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+
+
+ # Path of the health check endpoint. All requests received on the port defined by
+ # the healthz-port parameter are forwarded internally to this path.
+ healthCheckPath: "/healthz"
+
+ # Address to bind the health check endpoint.
+ # It is better to set this option to the internal node address
+ # if the ingress nginx controller is running in the hostNetwork: true mode.
+ healthCheckHost: ""
+
+ ## Annotations to be added to controller pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ minAvailable: 1
+
+ # Define requests resources to avoid probe issues due to CPU utilization in busy nodes
+ # ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903
+ # Ideally, there should be no limits.
+ # https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/
+ resources:
+ # limits:
+ # cpu: 100m
+ # memory: 90Mi
+ requests:
+ cpu: 100m
+ memory: 90Mi
+
+ # Mutually exclusive with keda autoscaling
+ autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 11
+ targetCPUUtilizationPercentage: 50
+ targetMemoryUtilizationPercentage: 50
+ behavior: {}
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 2
+ # periodSeconds: 60
+
+ autoscalingTemplate: []
+ # Custom or additional autoscaling metrics
+ # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
+ # - type: Pods
+ # pods:
+ # metric:
+ # name: nginx_ingress_controller_nginx_process_requests_total
+ # target:
+ # type: AverageValue
+ # averageValue: 10000m
+
+ # Mutually exclusive with hpa autoscaling
+ keda:
+ apiVersion: "keda.sh/v1alpha1"
+ # apiVersion changes with keda 1.x vs 2.x
+ # 2.x = keda.sh/v1alpha1
+ # 1.x = keda.k8s.io/v1alpha1
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 11
+ pollingInterval: 30
+ cooldownPeriod: 300
+ restoreToOriginalReplicaCount: false
+ scaledObject:
+ annotations: {}
+ # Custom annotations for ScaledObject resource
+ # annotations:
+ # key: value
+ triggers: []
+ # - type: prometheus
+ # metadata:
+ # serverAddress: http://<prometheus-host>:9090
+ # metricName: http_requests_total
+ # threshold: '100'
+ # query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
+
+ behavior: {}
+ # scaleDown:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 1
+ # periodSeconds: 180
+ # scaleUp:
+ # stabilizationWindowSeconds: 300
+ # policies:
+ # - type: Pods
+ # value: 2
+ # periodSeconds: 60
+
+ ## Enable mimalloc as a drop-in replacement for malloc.
+ ## ref: https://github.com/microsoft/mimalloc
+ ##
+ enableMimalloc: true
+
+ ## Override NGINX template
+ customTemplate:
+ configMapName: ""
+ configMapKey: ""
+
+ service:
+ enabled: true
+
+ annotations: {}
+ labels: {}
+ # clusterIP: ""
+
+ ## List of IP addresses at which the controller services are available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ enableHttp: true
+ enableHttps: true
+
+ ## Set external traffic policy to: "Local" to preserve source IP on
+ ## providers supporting it
+ ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+ # externalTrafficPolicy: ""
+
+ # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None".
+ # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
+ # sessionAffinity: ""
+
+ # specifies the health check node port (numeric port number) for the service. If healthCheckNodePort isn’t specified,
+ # the service controller allocates a port from your cluster’s NodePort range.
+ # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ # healthCheckNodePort: 0
+
+ ports:
+ http: 80
+ https: 443
+
+ targetPorts:
+ http: http
+ https: https
+
+ type: LoadBalancer
+
+ # type: NodePort
+ # nodePorts:
+ # http: 32080
+ # https: 32443
+ # tcp:
+ # 8080: 32808
+ nodePorts:
+ http: ""
+ https: ""
+ tcp: {}
+ udp: {}
+
+ ## Enables an additional internal load balancer (besides the external one).
+ ## Annotations are mandatory for the load balancer to come up. Varies with the cloud service.
+ internal:
+ enabled: false
+ annotations: {}
+
+ # loadBalancerIP: ""
+
+ ## Restrict access For LoadBalancer service. Defaults to 0.0.0.0/0.
+ loadBalancerSourceRanges: []
+
+ ## Set external traffic policy to: "Local" to preserve source IP on
+ ## providers supporting it
+ ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
+ # externalTrafficPolicy: ""
+
+ extraContainers: []
+ ## Additional containers to be added to the controller pod.
+ ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
+ # - name: my-sidecar
+ # image: nginx:latest
+ # - name: lemonldap-ng-controller
+ # image: lemonldapng/lemonldap-ng-controller:0.2.0
+ # args:
+ # - /lemonldap-ng-controller
+ # - --alsologtostderr
+ # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
+ # env:
+ # - name: POD_NAME
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: metadata.name
+ # - name: POD_NAMESPACE
+ # valueFrom:
+ # fieldRef:
+ # fieldPath: metadata.namespace
+ # volumeMounts:
+ # - name: copy-portal-skins
+ # mountPath: /srv/var/lib/lemonldap-ng/portal/skins
+
+ extraVolumeMounts: []
+ ## Additional volumeMounts to the controller main container.
+ # - name: copy-portal-skins
+ # mountPath: /var/lib/lemonldap-ng/portal/skins
+
+ extraVolumes: []
+ ## Additional volumes to the controller pod.
+ # - name: copy-portal-skins
+ # emptyDir: {}
+
+ extraInitContainers: []
+ ## Containers, which are run before the app containers are started.
+ # - name: init-myservice
+ # image: busybox
+ # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
+
+ admissionWebhooks:
+ annotations: {}
+ enabled: true
+ failurePolicy: Fail
+ # timeoutSeconds: 10
+ port: 8443
+ certificate: "/usr/local/certificates/cert"
+ key: "/usr/local/certificates/key"
+ namespaceSelector: {}
+ objectSelector: {}
+
+ # Use an existing PSP instead of creating one
+ existingPsp: ""
+
+ service:
+ annotations: {}
+ # clusterIP: ""
+ externalIPs: []
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 443
+ type: ClusterIP
+
+ createSecretJob:
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ patchWebhookJob:
+ resources: {}
+
+ patch:
+ enabled: true
+ image:
+ registry: k8s.gcr.io
+ image: ingress-nginx/kube-webhook-certgen
+ # for backwards compatibility consider setting the full image url via the repository value below
+ # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
+ # repository:
+ tag: v1.0
+ digest: sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068
+ pullPolicy: IfNotPresent
+ ## Provide a priority class name to the webhook patching job
+ ##
+ priorityClassName: ""
+ podAnnotations: {}
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations: []
+ runAsUser: 2000
+
+ metrics:
+ port: 10254
+ # if this port is changed, change healthz-port: in extraArgs: accordingly
+ enabled: false
+
+ service:
+ annotations: {}
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "10254"
+
+ # clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 10254
+ type: ClusterIP
+ # externalTrafficPolicy: ""
+ # nodePort: ""
+
+ serviceMonitor:
+ enabled: false
+ additionalLabels: {}
+ # The label to use to retrieve the job name from.
+ # jobLabel: "app.kubernetes.io/name"
+ namespace: ""
+ namespaceSelector: {}
+ # Default: scrape .Release.Namespace only
+ # To scrape all, use the following:
+ # namespaceSelector:
+ # any: true
+ scrapeInterval: 30s
+ # honorLabels: true
+ targetLabels: []
+ metricRelabelings: []
+
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ # namespace: ""
+ rules: []
+ # # These are just examples rules, please adapt them to your needs
+ # - alert: NGINXConfigFailed
+ # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) > 0
+ # for: 1s
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: bad ingress config - nginx config test failed
+ # summary: uninstall the latest ingress changes to allow config reloads to resume
+ # - alert: NGINXCertificateExpiry
+ # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds) by (host) - time()) < 604800
+ # for: 1s
+ # labels:
+ # severity: critical
+ # annotations:
+ # description: ssl certificate(s) will expire in less then a week
+ # summary: renew expiring certificates to avoid downtime
+ # - alert: NGINXTooMany500s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"5.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: warning
+ # annotations:
+ # description: Too many 5XXs
+ # summary: More than 5% of all requests returned 5XX, this requires your attention
+ # - alert: NGINXTooMany400s
+ # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~"4.+"} ) / sum(nginx_ingress_controller_requests) ) > 5
+ # for: 1m
+ # labels:
+ # severity: warning
+ # annotations:
+ # description: Too many 4XXs
+ # summary: More than 5% of all requests returned 4XX, this requires your attention
+
+ ## Improve connection draining when ingress controller pod is deleted using a lifecycle hook:
+ ## With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds
+ ## to 300, allowing the draining of connections up to five minutes.
+ ## If the active connections end before that, the pod will terminate gracefully at that time.
+ ## To effectively take advantage of this feature, the Configmap feature
+ ## worker-shutdown-timeout new value is 240s instead of 10s.
+ ##
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /wait-shutdown
+
+ priorityClassName: ""
+
+## Rollback limit
+##
+revisionHistoryLimit: 10
+
+## Default 404 backend
+##
+defaultBackend:
+ ##
+ enabled: false
+
+ name: defaultbackend
+ image:
+ registry: k8s.gcr.io
+ image: defaultbackend-amd64
+ # for backwards compatibility consider setting the full image url via the repository value below
+ # use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
+ # repository:
+ tag: "1.5"
+ pullPolicy: IfNotPresent
+ # nobody user -> uid 65534
+ runAsUser: 65534
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+
+ # Use an existing PSP instead of creating one
+ existingPsp: ""
+
+ extraArgs: {}
+
+ serviceAccount:
+ create: true
+ name: ""
+ automountServiceAccountToken: true
+ ## Additional environment variables to set for defaultBackend pods
+ extraEnvs: []
+
+ port: 8080
+
+ ## Readiness and liveness probes for default backend
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+ ##
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ successThreshold: 1
+ timeoutSeconds: 5
+
+ ## Node tolerations for server scheduling to nodes with taints
+ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ ##
+ tolerations: []
+ # - key: "key"
+ # operator: "Equal|Exists"
+ # value: "value"
+ # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
+
+ affinity: {}
+
+ ## Security Context policies for controller pods
+ ## See https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ for
+ ## notes on enabling and using sysctls
+ ##
+ podSecurityContext: {}
+
+ # labels to add to the pod container metadata
+ podLabels: {}
+ # key: value
+
+ ## Node labels for default backend pod assignment
+ ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ ## Annotations to be added to default backend pods
+ ##
+ podAnnotations: {}
+
+ replicaCount: 1
+
+ minAvailable: 1
+
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 20Mi
+ # requests:
+ # cpu: 10m
+ # memory: 20Mi
+
+ extraVolumeMounts: []
+ ## Additional volumeMounts to the default backend container.
+ # - name: copy-portal-skins
+ # mountPath: /var/lib/lemonldap-ng/portal/skins
+
+ extraVolumes: []
+ ## Additional volumes to the default backend pod.
+ # - name: copy-portal-skins
+ # emptyDir: {}
+
+ autoscaling:
+ annotations: {}
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 2
+ targetCPUUtilizationPercentage: 50
+ targetMemoryUtilizationPercentage: 50
+
+ service:
+ annotations: {}
+
+ # clusterIP: ""
+
+ ## List of IP addresses at which the default backend service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ # loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+ servicePort: 80
+ type: ClusterIP
+
+ priorityClassName: ""
+
+## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266
+rbac:
+ create: true
+ scope: false
+
+# If true, create & use Pod Security Policy resources
+# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+podSecurityPolicy:
+ enabled: false
+
+serviceAccount:
+ create: true
+ name: ""
+ automountServiceAccountToken: true
+
+## Optional array of imagePullSecrets containing private registry credentials
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: secretName
+
+# TCP service key:value pairs
+# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
+##
+tcp: {}
+# 8080: "default/example-tcp-svc:9000"
+
+# UDP service key:value pairs
+# Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md
+##
+udp: {}
+# 53: "kube-system/kube-dns:53"
+
+# A base64ed Diffie-Hellman parameter
+# This can be generated with: openssl dhparam 4096 2> /dev/null | base64
+# Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param
+dhParam:
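Review bot: `allowSnippetAnnotations: true` in the `controller` block ships the permissive setting as the default. Per its own comment it lets users set their own `*-snippet` annotations, which means anyone who can create or edit an Ingress can add raw nginx configuration to the shared controller. Suggest defaulting to `false` and having operators who trust every Ingress author opt in. Two related defaults deserve a comment or a change: the controller image block sets `allowPrivilegeEscalation: true` while the `defaultBackend` image block sets it to `false`, with no explanation of why the controller needs it, and the `defaultBackend` image has `tag: "1.5"` with no `digest`, whereas the controller and kube-webhook-certgen images are both pinned by digest.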
diff --git a/charts/longhorn/.helmignore b/charts/longhorn/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/longhorn/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/longhorn/Chart.yaml b/charts/longhorn/Chart.yaml
new file mode 100644
index 0000000..d9dd5a1
--- /dev/null
+++ b/charts/longhorn/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+appVersion: v1.4.1
+description: Longhorn is a distributed block storage system for Kubernetes.
+home: https://github.com/longhorn/longhorn
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png
+keywords:
+- longhorn
+- storage
+- distributed
+- block
+- device
+- iscsi
+- nfs
+kubeVersion: '>=1.21.0-0'
+maintainers:
+- email: maintainers@longhorn.io
+ name: Longhorn maintainers
+name: longhorn
+sources:
+- https://github.com/longhorn/longhorn
+- https://github.com/longhorn/longhorn-engine
+- https://github.com/longhorn/longhorn-instance-manager
+- https://github.com/longhorn/longhorn-share-manager
+- https://github.com/longhorn/longhorn-manager
+- https://github.com/longhorn/longhorn-ui
+- https://github.com/longhorn/longhorn-tests
+- https://github.com/longhorn/backing-image-manager
+version: 1.4.1
diff --git a/charts/longhorn/README.md b/charts/longhorn/README.md
new file mode 100644
index 0000000..012c058
--- /dev/null
+++ b/charts/longhorn/README.md
@@ -0,0 +1,78 @@
+# Longhorn Chart
+
+> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only.
+
+> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+## Source Code
+
+Longhorn is 100% open source software. Project source code is spread across a number of repos:
+
+1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine
+2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager
+3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager
+4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager
+5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager
+6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui
+
+## Prerequisites
+
+1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.)
+2. Kubernetes >= v1.21
+3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster.
+4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already.
+
+## Upgrading to Kubernetes v1.25+
+
+Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API.
+
+As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `enablePSP` set to `false` if it has been previously set to `true`.
+
+> **Note:**
+> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).**
+>
+> If your charts get stuck in this state, you may have to clean up your Helm release secrets.
+Upon setting `enablePSP` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart.
+
+As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Longhorn docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards.
+
+## Installation
+1. Add Longhorn chart repository.
+```
+helm repo add longhorn https://charts.longhorn.io
+```
+
+2. Update local Longhorn chart information from chart repository.
+```
+helm repo update
+```
+
+3. Install Longhorn chart.
+- With Helm 2, the following command will create the `longhorn-system` namespace and install the Longhorn chart together.
+```
+helm install longhorn/longhorn --name longhorn --namespace longhorn-system
+```
+- With Helm 3, the following commands will create the `longhorn-system` namespace first, then install the Longhorn chart.
+
+```
+kubectl create namespace longhorn-system
+helm install longhorn longhorn/longhorn --namespace longhorn-system
+```
+
+## Uninstallation
+
+With Helm 2 to uninstall Longhorn.
+```
+kubectl -n longhorn-system patch -p '{"value": "true"}' --type=merge lhs deleting-confirmation-flag
+helm delete longhorn --purge
+```
+
+With Helm 3 to uninstall Longhorn.
+```
+kubectl -n longhorn-system patch -p '{"value": "true"}' --type=merge lhs deleting-confirmation-flag
+helm uninstall longhorn -n longhorn-system
+kubectl delete namespace longhorn-system
+```
+
+---
+Please see [link](https://github.com/longhorn/longhorn) for more information.
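Review bot: In "Upgrading to Kubernetes v1.25+", the line beginning "Upon setting `enablePSP` to false" follows the `>` note with no blank line, so Markdown treats it as a lazy continuation of the blockquote and the sentence stating the chart's default renders inside the note; add an empty line before it. In "Installation", neither `helm install` command passes `--version`, which matters here because the README warns that downgrading is not supported; consider showing the install with a pinned chart version.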
diff --git a/charts/longhorn/app-readme.md b/charts/longhorn/app-readme.md
new file mode 100644
index 0000000..cb23135
--- /dev/null
+++ b/charts/longhorn/app-readme.md
@@ -0,0 +1,11 @@
+# Longhorn
+
+Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn.
+
+Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups!
+
+**Important**: Please install Longhorn chart in `longhorn-system` namespace only.
+
+**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md)
diff --git a/charts/longhorn/questions.yaml b/charts/longhorn/questions.yaml
new file mode 100644
index 0000000..b4ae9de
--- /dev/null
+++ b/charts/longhorn/questions.yaml
@@ -0,0 +1,837 @@
+categories:
+- storage
+namespace: longhorn-system
+questions:
+- variable: image.defaultImage
+ default: "true"
+ description: "Use default Longhorn images"
+ label: Use Default Images
+ type: boolean
+ show_subquestion_if: false
+ group: "Longhorn Images"
+ subquestions:
+ - variable: image.longhorn.manager.repository
+ default: longhornio/longhorn-manager
+ description: "Specify Longhorn Manager Image Repository"
+ type: string
+ label: Longhorn Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.manager.tag
+ default: v1.4.1
+ description: "Specify Longhorn Manager Image Tag"
+ type: string
+ label: Longhorn Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.engine.repository
+ default: longhornio/longhorn-engine
+ description: "Specify Longhorn Engine Image Repository"
+ type: string
+ label: Longhorn Engine Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.engine.tag
+ default: v1.4.1
+ description: "Specify Longhorn Engine Image Tag"
+ type: string
+ label: Longhorn Engine Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.ui.repository
+ default: longhornio/longhorn-ui
+ description: "Specify Longhorn UI Image Repository"
+ type: string
+ label: Longhorn UI Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.ui.tag
+ default: v1.4.1
+ description: "Specify Longhorn UI Image Tag"
+ type: string
+ label: Longhorn UI Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.instanceManager.repository
+ default: longhornio/longhorn-instance-manager
+ description: "Specify Longhorn Instance Manager Image Repository"
+ type: string
+ label: Longhorn Instance Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.instanceManager.tag
+ default: v1.4.1
+ description: "Specify Longhorn Instance Manager Image Tag"
+ type: string
+ label: Longhorn Instance Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.shareManager.repository
+ default: longhornio/longhorn-share-manager
+ description: "Specify Longhorn Share Manager Image Repository"
+ type: string
+ label: Longhorn Share Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.shareManager.tag
+ default: v1.4.1
+ description: "Specify Longhorn Share Manager Image Tag"
+ type: string
+ label: Longhorn Share Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.backingImageManager.repository
+ default: longhornio/backing-image-manager
+ description: "Specify Longhorn Backing Image Manager Image Repository"
+ type: string
+ label: Longhorn Backing Image Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.backingImageManager.tag
+ default: v1.4.1
+ description: "Specify Longhorn Backing Image Manager Image Tag"
+ type: string
+ label: Longhorn Backing Image Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.supportBundleKit.repository
+ default: longhornio/support-bundle-kit
+ description: "Specify Longhorn Support Bundle Manager Image Repository"
+ type: string
+ label: Longhorn Support Bundle Kit Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.supportBundleKit.tag
+ default: v0.0.17
+ description: "Specify Longhorn Support Bundle Manager Image Tag"
+ type: string
+ label: Longhorn Support Bundle Kit Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.csi.attacher.repository
+ default: longhornio/csi-attacher
+ description: "Specify CSI attacher image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Attacher Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.attacher.tag
+ default: v3.4.0
+ description: "Specify CSI attacher image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Attacher Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.provisioner.repository
+ default: longhornio/csi-provisioner
+ description: "Specify CSI provisioner image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Provisioner Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.provisioner.tag
+ default: v2.1.2
+ description: "Specify CSI provisioner image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Provisioner Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.nodeDriverRegistrar.repository
+ default: longhornio/csi-node-driver-registrar
+ description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Node Driver Registrar Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.nodeDriverRegistrar.tag
+ default: v2.5.0
+ description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Node Driver Registrar Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.resizer.repository
+ default: longhornio/csi-resizer
+ description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Resizer Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.resizer.tag
+ default: v1.3.0
+ description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Resizer Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.snapshotter.repository
+ default: longhornio/csi-snapshotter
+ description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Snapshotter Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.snapshotter.tag
+ default: v5.0.1
+ description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Snapshotter Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.livenessProbe.repository
+ default: longhornio/livenessprobe
+ description: "Specify CSI liveness probe image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Liveness Probe Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.livenessProbe.tag
+ default: v2.8.0
+ description: "Specify CSI liveness probe image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Liveness Probe Image Tag
+ group: "Longhorn CSI Driver Images"
+- variable: privateRegistry.registryUrl
+ label: Private registry URL
+ description: "URL of private registry. Leave blank to apply system default registry."
+ group: "Private Registry Settings"
+ type: string
+ default: ""
+- variable: privateRegistry.registrySecret
+ label: Private registry secret name
+ description: "If create a new private registry secret is true, create a Kubernetes secret with this name; else use the existing secret of this name. Use it to pull images from your private registry."
+ group: "Private Registry Settings"
+ type: string
+ default: ""
+- variable: privateRegistry.createSecret
+ default: "true"
+ description: "Create a new private registry secret"
+ type: boolean
+ group: "Private Registry Settings"
+ label: Create Secret for Private Registry Settings
+ show_subquestion_if: true
+ subquestions:
+ - variable: privateRegistry.registryUser
+ label: Private registry user
+ description: "User used to authenticate to private registry."
+ type: string
+ default: ""
+ - variable: privateRegistry.registryPasswd
+ label: Private registry password
+ description: "Password used to authenticate to private registry."
+ type: password
+ default: ""
+- variable: longhorn.default_setting
+ default: "false"
+ description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn."
+ label: "Customize Default Settings"
+ type: boolean
+ show_subquestion_if: true
+ group: "Longhorn Default Settings"
+ subquestions:
+ - variable: csi.kubeletRootDir
+ default:
+ description: "Specify kubelet root-dir. Leave blank to autodetect."
+ type: string
+ label: Kubelet Root Directory
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.attacherReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Attacher. By default 3."
+ label: Longhorn CSI Attacher replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.provisionerReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Provisioner. By default 3."
+ label: Longhorn CSI Provisioner replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.resizerReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Resizer. By default 3."
+ label: Longhorn CSI Resizer replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.snapshotterReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Snapshotter. By default 3."
+ label: Longhorn CSI Snapshotter replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: defaultSettings.backupTarget
+ label: Backup Target
+ description: "The endpoint used to access the backupstore. NFS and S3 are supported."
+ group: "Longhorn Default Settings"
+ type: string
+ default:
+ - variable: defaultSettings.backupTargetCredentialSecret
+ label: Backup Target Credential Secret
+ description: "The name of the Kubernetes secret associated with the backup target."
+ group: "Longhorn Default Settings"
+ type: string
+ default:
+ - variable: defaultSettings.allowRecurringJobWhileVolumeDetached
+ label: Allow Recurring Job While Volume Is Detached
+ description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup.
+Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.createDefaultDiskLabeledNodes
+ label: Create Default Disk on Labeled Nodes
+ description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.defaultDataPath
+ label: Default Data Path
+ description: 'Default path to use for storing data on a host. By default "/var/lib/longhorn/"'
+ group: "Longhorn Default Settings"
+ type: string
+ default: "/var/lib/longhorn/"
+ - variable: defaultSettings.defaultDataLocality
+ label: Default Data Locality
+ description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume.
+This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass
+The available modes are:
+- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload)
+- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.'
+ group: "Longhorn Default Settings"
+ type: enum
+ options:
+ - "disabled"
+ - "best-effort"
+ default: "disabled"
+ - variable: defaultSettings.replicaSoftAntiAffinity
+ label: Replica Node Level Soft Anti-Affinity
+ description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.replicaAutoBalance
+ label: Replica Auto Balance
+ description: 'Enable this setting automatically rebalances replicas when discovered an available node.
+The available global options are:
+- **disabled**. This is the default option. No replica auto-balance will be done.
+- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy.
+- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy.
+Longhorn also support individual volume setting. The setting can be specified in volume.spec.replicaAutoBalance, this overrules the global setting.
+The available volume spec options are:
+- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting.
+- **disabled**. This option instructs Longhorn no replica auto-balance should be done.
+- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy.
+- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy.'
+ group: "Longhorn Default Settings"
+ type: enum
+ options:
+ - "disabled"
+ - "least-effort"
+ - "best-effort"
+ default: "disabled"
+ - variable: defaultSettings.storageOverProvisioningPercentage
+ label: Storage Over Provisioning Percentage
+ description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 200
+ - variable: defaultSettings.storageMinimalAvailablePercentage
+ label: Storage Minimal Available Percentage
+ description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ max: 100
+ default: 25
+ - variable: defaultSettings.upgradeChecker
+ label: Enable Upgrade Checker
+ description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.defaultReplicaCount
+ label: Default Replica Count
+ description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 1
+ max: 20
+ default: 3
+ - variable: defaultSettings.defaultLonghornStaticStorageClass
+ label: Default Longhorn Static StorageClass Name
+ description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'."
+ group: "Longhorn Default Settings"
+ type: string
+ default: "longhorn-static"
+ - variable: defaultSettings.backupstorePollInterval
+ label: Backupstore Poll Interval
+ description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 300
+ - variable: defaultSettings.failedBackupTTL
+ label: Failed Backup Time to Live
+ description: "In minutes. This setting determines how long Longhorn will keep the backup resource that was failed. Set to 0 to disable the auto-deletion.
+Failed backups will be checked and cleaned up during backupstore polling which is controlled by **Backupstore Poll Interval** setting.
+Hence this value determines the minimal wait interval of the cleanup. And the actual cleanup interval is multiple of **Backupstore Poll Interval**.
+Disabling **Backupstore Poll Interval** also means to disable failed backup auto-deletion."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 1440
+ - variable: defaultSettings.restoreVolumeRecurringJobs
+ label: Restore Volume Recurring Jobs
+ description: "Restore recurring jobs from the backup volume on the backup target and create recurring jobs if not exist during a backup restoration.
+Longhorn also supports individual volume setting. The setting can be specified on Backup page when making a backup restoration, this overrules the global setting.
+The available volume setting options are:
+- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting.
+- **enabled**. This option instructs Longhorn to restore recurring jobs/groups from the backup target forcibly.
+- **disabled**. This option instructs Longhorn no restoring recurring jobs/groups should be done."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.recurringSuccessfulJobsHistoryLimit
+ label: Cronjob Successful Jobs History Limit
+ description: "This setting specifies how many successful backup or snapshot job histories should be retained. History will not be retained if the value is 0."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 1
+ - variable: defaultSettings.recurringFailedJobsHistoryLimit
+ label: Cronjob Failed Jobs History Limit
+ description: "This setting specifies how many failed backup or snapshot job histories should be retained. History will not be retained if the value is 0."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 1
+ - variable: defaultSettings.supportBundleFailedHistoryLimit
+ label: SupportBundle Failed History Limit
+ description: "This setting specifies how many failed support bundles can exist in the cluster.
+The retained failed support bundle is for analysis purposes and needs to clean up manually.
+Set this value to **0** to have Longhorn automatically purge all failed support bundles."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 1
+ - variable: defaultSettings.autoSalvage
+ label: Automatic salvage
+ description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly
+ label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly
+ description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount.
+If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume.
+**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.disableSchedulingOnCordonedNode
+ label: Disable Scheduling On Cordoned Node
+ description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.replicaZoneSoftAntiAffinity
+ label: Replica Zone Level Soft Anti-Affinity
+ description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. Notice that Longhorn relies on label `topology.kubernetes.io/zone=<Zone name of the node>` in the Kubernetes node object to identify the zone. By default true."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.nodeDownPodDeletionPolicy
+ label: Pod Deletion Policy When Node is Down
+ description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down.
+- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down.
+- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods.
+- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods.
+- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods."
+ group: "Longhorn Default Settings"
+ type: enum
+ options:
+ - "do-nothing"
+ - "delete-statefulset-pod"
+ - "delete-deployment-pod"
+ - "delete-both-statefulset-and-deployment-pod"
+ default: "do-nothing"
+ - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica
+ label: Allow Node Drain with the Last Healthy Replica
+ description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume.
+If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.mkfsExt4Parameters
+ label: Custom mkfs.ext4 parameters
+ description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`."
+ group: "Longhorn Default Settings"
+ type: string
+ - variable: defaultSettings.disableReplicaRebuild
+ label: Disable Replica Rebuild
+ description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.replicaReplenishmentWaitInterval
+ label: Replica Replenishment Wait Interval
+ description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume.
+Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 600
+ - variable: defaultSettings.concurrentReplicaRebuildPerNodeLimit
+ label: Concurrent Replica Rebuild Per Node Limit
+ description: "This setting controls how many replicas on a node can be rebuilt simultaneously.
+Typically, Longhorn can block the replica starting once the current rebuilding count on a node exceeds the limit. But when the value is 0, it means disabling the replica rebuilding.
+WARNING:
+- The old setting \"Disable Replica Rebuild\" is replaced by this setting.
+- Different from relying on replica starting delay to limit the concurrent rebuilding, if the rebuilding is disabled, replica object replenishment will be directly skipped.
+- When the value is 0, the eviction and data locality feature won't work. But this shouldn't have any impact to any current replica rebuild and backup restore."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 5
+ - variable: defaultSettings.concurrentVolumeBackupRestorePerNodeLimit
+ label: Concurrent Volume Backup Restore Per Node Limit
+ description: "This setting controls how many volumes on a node can restore the backup concurrently.
+Longhorn blocks the backup restore once the restoring volume count exceeds the limit.
+Set the value to **0** to disable backup restore."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 5
+ - variable: defaultSettings.disableRevisionCounter
+ label: Disable Revision Counter
+ description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the replica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.systemManagedPodsImagePullPolicy
+ label: System Managed Pod Image Pull Policy
+ description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart."
+ group: "Longhorn Default Settings"
+ type: enum
+ options:
+ - "if-not-present"
+ - "always"
+ - "never"
+ default: "if-not-present"
+ - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability
+ label: Allow Volume Creation with Degraded Availability
+ description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot
+ label: Automatically Cleanup System Generated Snapshot
+ description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit
+ label: Concurrent Automatic Engine Upgrade Per Node Limit
+ description: "This setting controls how Longhorn automatically upgrades volumes' engines to the new default engine image after upgrading Longhorn manager. The value of this setting specifies the maximum number of engines per node that are allowed to upgrade to the default engine image at the same time. If the value is 0, Longhorn will not automatically upgrade volumes' engines to default version."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 0
+ - variable: defaultSettings.backingImageCleanupWaitInterval
+ label: Backing Image Cleanup Wait Interval
+ description: "This interval in minutes determines how long Longhorn will wait before cleaning up the backing image file when there is no replica in the disk using it."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 60
+ - variable: defaultSettings.backingImageRecoveryWaitInterval
+ label: Backing Image Recovery Wait Interval
+ description: "This interval in seconds determines how long Longhorn will wait before re-downloading the backing image file when all disk files of this backing image become failed or unknown.
+ WARNING:
+ - This recovery only works for the backing image of which the creation type is \"download\".
+ - File state \"unknown\" means the related manager pods on the pod is not running or the node itself is down/disconnected."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 300
+ - variable: defaultSettings.guaranteedEngineManagerCPU
+ label: Guaranteed Engine Manager CPU
+ description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each engine manager Pod. For example, 10 means 10% of the total CPU on a node will be allocated to each engine manager pod on this node. This will help maintain engine stability during high node workload.
+ In order to prevent unexpected volume engine crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting:
+ Guaranteed Engine Manager CPU = The estimated max Longhorn volume engine count on a node * 0.1 / The total allocatable CPUs on the node * 100.
+ The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting.
+ If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes.
+ WARNING:
+ - Value 0 means unsetting CPU requests for engine manager pods.
+ - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Engine Manager CPU' should not be greater than 40.
+ - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then.
+ - This global setting will be ignored for a node if the field \"EngineManagerCPURequest\" on the node is set.
+ - After this setting is changed, all engine manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ max: 40
+ default: 12
+ - variable: defaultSettings.guaranteedReplicaManagerCPU
+ label: Guaranteed Replica Manager CPU
+ description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each replica manager Pod. 10 means 10% of the total CPU on a node will be allocated to each replica manager pod on this node. This will help maintain replica stability during high node workload.
+ In order to prevent unexpected volume replica crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting:
+ Guaranteed Replica Manager CPU = The estimated max Longhorn volume replica count on a node * 0.1 / The total allocatable CPUs on the node * 100.
+ The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting.
+ If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes.
+ WARNING:
+ - Value 0 means unsetting CPU requests for replica manager pods.
+ - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Replica Manager CPU' should not be greater than 40.
+ - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then.
+ - This global setting will be ignored for a node if the field \"ReplicaManagerCPURequest\" on the node is set.
+ - After this setting is changed, all replica manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ max: 40
+ default: 12
+- variable: defaultSettings.kubernetesClusterAutoscalerEnabled
+ label: Kubernetes Cluster Autoscaler Enabled (Experimental)
+ description: "Enabling this setting will notify Longhorn that the cluster is using Kubernetes Cluster Autoscaler.
+ Longhorn prevents data loss by only allowing the Cluster Autoscaler to scale down a node that met all conditions:
+ - No volume attached to the node.
+ - Is not the last node containing the replica of any volume.
+ - Is not running backing image components pod.
+ - Is not running share manager components pod."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: false
+- variable: defaultSettings.orphanAutoDeletion
+ label: Orphaned Data Cleanup
+ description: "This setting allows Longhorn to delete the orphan resource and its corresponding orphaned data automatically like stale replicas. Orphan resources on down or unknown nodes will not be cleaned up automatically."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: false
+- variable: defaultSettings.storageNetwork
+ label: Storage Network
+ description: "Longhorn uses the storage network for in-cluster data traffic. Leave this blank to use the Kubernetes cluster network.
+ To segregate the storage network, input the pre-existing NetworkAttachmentDefinition in \"<namespace>/<name>\" format.
+ WARNING:
+ - The cluster must have pre-existing Multus installed, and NetworkAttachmentDefinition IPs are reachable between nodes.
+ - DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. Longhorn will try to block this setting update when there are attached volumes.
+ - When applying the setting, Longhorn will restart all manager, instance-manager, and backing-image-manager pods."
+ group: "Longhorn Default Settings"
+ type: string
+ default:
+- variable: defaultSettings.deletingConfirmationFlag
+ label: Deleting Confirmation Flag
+ description: "This flag is designed to prevent Longhorn from being accidentally uninstalled which will lead to data lost.
+ Set this flag to **true** to allow Longhorn uninstallation.
+ If this flag **false**, Longhorn uninstallation job will fail. "
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+- variable: defaultSettings.engineReplicaTimeout
+ label: Timeout between Engine and Replica
+ description: "In seconds. The setting specifies the timeout between the engine and replica(s), and the value should be between 8 to 30 seconds. The default value is 8 seconds."
+ group: "Longhorn Default Settings"
+ type: int
+ default: "8"
+- variable: defaultSettings.snapshotDataIntegrity
+ label: Snapshot Data Integrity
+ description: "This setting allows users to enable or disable snapshot hashing and data integrity checking.
+ Available options are
+ - **disabled**: Disable snapshot disk file hashing and data integrity checking.
+ - **enabled**: Enables periodic snapshot disk file hashing and data integrity checking. To detect the filesystem-unaware corruption caused by bit rot or other issues in snapshot disk files, Longhorn system periodically hashes files and finds corrupted ones. Hence, the system performance will be impacted during the periodical checking.
+ - **fast-check**: Enable snapshot disk file hashing and fast data integrity checking. Longhorn system only hashes snapshot disk files if their are not hashed or the modification time are changed. In this mode, filesystem-unaware corruption cannot be detected, but the impact on system performance can be minimized."
+ group: "Longhorn Default Settings"
+ type: string
+ default: "disabled"
+- variable: defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation
+ label: Immediate Snapshot Data Integrity Check After Creating a Snapshot
+ description: "Hashing snapshot disk files impacts the performance of the system. The immediate snapshot hashing and checking can be disabled to minimize the impact after creating a snapshot."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+- variable: defaultSettings.snapshotDataIntegrityCronjob
+ label: Snapshot Data Integrity Check CronJob
+ description: "Unix-cron string format. The setting specifies when Longhorn checks the data integrity of snapshot disk files.
+ Warning: Hashing snapshot disk files impacts the performance of the system. It is recommended to run data integrity checks during off-peak times and to reduce the frequency of checks."
+ group: "Longhorn Default Settings"
+ type: string
+ default: "0 0 */7 * *"
+- variable: defaultSettings.removeSnapshotsDuringFilesystemTrim
+ label: Remove Snapshots During Filesystem Trim
+ description: "This setting allows Longhorn filesystem trim feature to automatically mark the latest snapshot and its ancestors as removed and stops at the snapshot containing multiple children.\n\n
+ Since Longhorn filesystem trim feature can be applied to the volume head and the followed continuous removed or system snapshots only.\n\n
+ Notice that trying to trim a removed files from a valid snapshot will do nothing but the filesystem will discard this kind of in-memory trimmable file info.\n\n
+ Later on if you mark the snapshot as removed and want to retry the trim, you may need to unmount and remount the filesystem so that the filesystem can recollect the trimmable file info."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+- variable: defaultSettings.fastReplicaRebuildEnabled
+ label: Fast Replica Rebuild Enabled
+ description: "This feature supports the fast replica rebuilding. It relies on the checksum of snapshot disk files, so setting the snapshot-data-integrity to **enable** or **fast-check** is a prerequisite."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: false
+- variable: defaultSettings.replicaFileSyncHttpClientTimeout
+ label: Timeout of HTTP Client to Replica File Sync Server
+ description: "In seconds. The setting specifies the HTTP client timeout to the file sync server."
+ group: "Longhorn Default Settings"
+ type: int
+ default: "30"
+- variable: persistence.defaultClass
+ default: "true"
+ description: "Set as default StorageClass for Longhorn"
+ label: Default Storage Class
+ group: "Longhorn Storage Class Settings"
+ required: true
+ type: boolean
+- variable: persistence.reclaimPolicy
+ label: Storage Class Retain Policy
+ description: "Define reclaim policy (Retain or Delete)"
+ group: "Longhorn Storage Class Settings"
+ required: true
+ type: enum
+ options:
+ - "Delete"
+ - "Retain"
+ default: "Delete"
+- variable: persistence.defaultClassReplicaCount
+ description: "Set replica count for Longhorn StorageClass"
+ label: Default Storage Class Replica Count
+ group: "Longhorn Storage Class Settings"
+ type: int
+ min: 1
+ max: 10
+ default: 3
+- variable: persistence.defaultDataLocality
+ description: "Set data locality for Longhorn StorageClass"
+ label: Default Storage Class Data Locality
+ group: "Longhorn Storage Class Settings"
+ type: enum
+ options:
+ - "disabled"
+ - "best-effort"
+ default: "disabled"
+- variable: persistence.recurringJobSelector.enable
+ description: "Enable recurring job selector for Longhorn StorageClass"
+ group: "Longhorn Storage Class Settings"
+ label: Enable Storage Class Recurring Job Selector
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ subquestions:
+ - variable: persistence.recurringJobSelector.jobList
+ description: 'Recurring job selector list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "isGroup":true}]'
+ label: Storage Class Recurring Job Selector List
+ group: "Longhorn Storage Class Settings"
+ type: string
+ default:
+- variable: defaultSettings.defaultNodeSelector.enable
+ description: "Enable recurring Node selector for Longhorn StorageClass"
+ group: "Longhorn Storage Class Settings"
+ label: Enable Storage Class Node Selector
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ subquestions:
+ - variable: defaultSettings.defaultNodeSelector.selector
+ label: Storage Class Node Selector
+ description: 'We use NodeSelector when we want to bind PVC via StorageClass into desired mountpoint on the nodes tagged whith its value'
+ group: "Longhorn Default Settings"
+ type: string
+ default:
+- variable: persistence.backingImage.enable
+ description: "Set backing image for Longhorn StorageClass"
+ group: "Longhorn Storage Class Settings"
+ label: Default Storage Class Backing Image
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ subquestions:
+ - variable: persistence.backingImage.name
+ description: 'Specify a backing image that will be used by Longhorn volumes in Longhorn StorageClass. If not exists, the backing image data source type and backing image data source parameters should be specified so that Longhorn will create the backing image before using it.'
+ label: Storage Class Backing Image Name
+ group: "Longhorn Storage Class Settings"
+ type: string
+ default:
+ - variable: persistence.backingImage.expectedChecksum
+ description: 'Specify the expected SHA512 checksum of the selected backing image in Longhorn StorageClass.
+ WARNING:
+ - If the backing image name is not specified, setting this field is meaningless.
+ - It is not recommended to set this field if the data source type is \"export-from-volume\".'
+ label: Storage Class Backing Image Expected SHA512 Checksum
+ group: "Longhorn Storage Class Settings"
+ type: string
+ default:
+ - variable: persistence.backingImage.dataSourceType
+ description: 'Specify the data source type for the backing image used in Longhorn StorageClass.
+ If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image.
+ WARNING:
+ - If the backing image name is not specified, setting this field is meaningless.
+ - As for backing image creation with data source type \"upload\", it is recommended to do it via UI rather than StorageClass here. Uploading requires file data sending to the Longhorn backend after the object creation, which is complicated if you want to handle it manually.'
+ label: Storage Class Backing Image Data Source Type
+ group: "Longhorn Storage Class Settings"
+ type: enum
+ options:
+ - ""
+ - "download"
+ - "upload"
+ - "export-from-volume"
+ default: ""
+ - variable: persistence.backingImage.dataSourceParameters
+ description: "Specify the data source parameters for the backing image used in Longhorn StorageClass.
+ If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image.
+ This option accepts a json string of a map. e.g., '{\"url\":\"https://backing-image-example.s3-region.amazonaws.com/test-backing-image\"}'.
+ WARNING:
+ - If the backing image name is not specified, setting this field is meaningless.
+ - Be careful of the quotes here."
+ label: Storage Class Backing Image Data Source Parameters
+ group: "Longhorn Storage Class Settings"
+ type: string
+ default:
+- variable: persistence.removeSnapshotsDuringFilesystemTrim
+ description: "Allow automatically removing snapshots during filesystem trim for Longhorn StorageClass"
+ label: Default Storage Class Remove Snapshots During Filesystem Trim
+ group: "Longhorn Storage Class Settings"
+ type: enum
+ options:
+ - "ignored"
+ - "enabled"
+ - "disabled"
+ default: "ignored"
+- variable: ingress.enabled
+ default: "false"
+ description: "Expose app using Layer 7 Load Balancer - ingress"
+ type: boolean
+ group: "Services and Load Balancing"
+ label: Expose app using Layer 7 Load Balancer
+ show_subquestion_if: true
+ subquestions:
+ - variable: ingress.host
+ default: "xip.io"
+ description: "layer 7 Load Balancer hostname"
+ type: hostname
+ required: true
+ label: Layer 7 Load Balancer Hostname
+ - variable: ingress.path
+ default: "/"
+ description: "If ingress is enabled you can set the default ingress path"
+ type: string
+ required: true
+ label: Ingress Path
+- variable: service.ui.type
+ default: "Rancher-Proxy"
+ description: "Define Longhorn UI service type"
+ type: enum
+ options:
+ - "ClusterIP"
+ - "NodePort"
+ - "LoadBalancer"
+ - "Rancher-Proxy"
+ label: Longhorn UI Service
+ show_if: "ingress.enabled=false"
+ group: "Services and Load Balancing"
+ show_subquestion_if: "NodePort"
+ subquestions:
+ - variable: service.ui.nodePort
+ default: ""
+ description: "NodePort port number(to set explicitly, choose port between 30000-32767)"
+ type: int
+ min: 30000
+ max: 32767
+ show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer"
+ label: UI Service NodePort number
+- variable: enablePSP
+ default: "false"
+ description: "Setup a pod security policy for Longhorn workloads."
+ label: Pod Security Policy
+ type: boolean
+ group: "Other Settings"
+- variable: global.cattle.windowsCluster.enabled
+ default: "false"
+ description: "Enable this to allow Longhorn to run on the Rancher deployed Windows cluster."
+ label: Rancher Windows Cluster
+ type: boolean
+ group: "Other Settings"
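Review bot: defaultSettings.engineReplicaTimeout documents a valid range of 8 to 30 seconds but declares no `min`/`max`, so the form accepts any integer. Add `min: 8` and `max: 30`, as the Guaranteed Replica Manager CPU entry does with `min: 0` and `max: 40`. Defaults for typed fields are also quoted inconsistently (`default: "8"` and `default: "30"` on `type: int`, `default: "false"` on `type: boolean`, while other entries use bare `false` and `3`); pick one form. The fastReplicaRebuildEnabled description names the prerequisite value **enable**, but the snapshotDataIntegrity option is spelled **enabled**. In the replica manager CPU warning, "the sum with setting 'Guaranteed Replica Manager CPU'" reads as a reference to the setting itself; name the setting it is meant to be summed with.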
diff --git a/charts/longhorn/templates/NOTES.txt b/charts/longhorn/templates/NOTES.txt
new file mode 100644
index 0000000..cca7cd7
--- /dev/null
+++ b/charts/longhorn/templates/NOTES.txt
@@ -0,0 +1,5 @@
+Longhorn is now installed on the cluster!
+
+Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized.
+
+Visit our documentation at https://longhorn.io/docs/
diff --git a/charts/longhorn/templates/_helpers.tpl b/charts/longhorn/templates/_helpers.tpl
new file mode 100644
index 0000000..3fbc2ac
--- /dev/null
+++ b/charts/longhorn/templates/_helpers.tpl
@@ -0,0 +1,66 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "longhorn.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "longhorn.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "longhorn.managerIP" -}}
+{{- $fullname := (include "longhorn.fullname" .) -}}
+{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "secret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }}
+{{- end }}
+
+{{- /*
+longhorn.labels generates the standard Helm labels.
+*/ -}}
+{{- define "longhorn.labels" -}}
+app.kubernetes.io/name: {{ template "longhorn.name" . }}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end -}}
+
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "registry_url" -}}
+{{- if .Values.privateRegistry.registryUrl -}}
+{{- printf "%s/" .Values.privateRegistry.registryUrl -}}
+{{- else -}}
+{{ include "system_default_registry" . }}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+ define the longhorn release namespace
+*/ -}}
+{{- define "release_namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
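Review bot: in "longhorn.managerIP" the `trunc 63 | trimSuffix "-"` is applied to the whole URL, not to a name. "longhorn.fullname" can already be 63 characters, and the `http://` prefix plus `-backend:9500` suffix add 20 more, so a long release name yields a URL with the port and part of the service name cut off. Drop the truncation here, or truncate only the name component before formatting the URL. Separately, the helpers "secret", "registry_url", "system_default_registry" and "release_namespace" are defined without the `longhorn.` prefix used by the other helpers; Helm template names are global, so prefixing them avoids collisions when this chart is used alongside others. The "secret" helper also deserves a comment stating that it renders the registry user and password from values into a base64 docker config, since base64 is encoding and not protection.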
diff --git a/charts/longhorn/templates/clusterrole.yaml b/charts/longhorn/templates/clusterrole.yaml
new file mode 100644
index 0000000..bf28a47
--- /dev/null
+++ b/charts/longhorn/templates/clusterrole.yaml
@@ -0,0 +1,60 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: longhorn-role
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups: [""]
+ resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps", "serviceaccounts"]
+ verbs: ["*"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets", "statefulsets", "deployments"]
+ verbs: ["*"]
+- apiGroups: ["batch"]
+ resources: ["jobs", "cronjobs"]
+ verbs: ["*"]
+- apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets", "podsecuritypolicies"]
+ verbs: ["*"]
+- apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["watch", "list"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"]
+ verbs: ["*"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"]
+ verbs: ["*"]
+- apiGroups: ["longhorn.io"]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status",
+ "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status",
+ "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status",
+ "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status",
+ "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status"]
+ verbs: ["*"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["*"]
+- apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list"]
+- apiGroups: ["apiregistration.k8s.io"]
+ resources: ["apiservices"]
+ verbs: ["list", "watch"]
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ verbs: ["get", "list", "create", "patch", "delete"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["roles", "rolebindings", "clusterrolebindings", "clusterroles"]
+ verbs: ["*"]
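Review bot: the core-group rule grants `verbs: ["*"]` on `secrets` cluster-wide, and the last rule grants `verbs: ["*"]` on `roles`, `rolebindings`, `clusterrolebindings` and `clusterroles`. The wildcard on the RBAC resources includes `bind` and `escalate`, so any workload running as the bound service account can grant itself or others arbitrary permissions, and the secrets wildcard lets it read every secret in every namespace. Enumerate the verbs actually needed on each resource, and where access is only needed in the Longhorn namespace move those rules to a namespaced Role. The same applies to the `"*"` on `podsecuritypolicies` and `customresourcedefinitions`. A comment per rule explaining why the access is required would make this reviewable.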
diff --git a/charts/longhorn/templates/clusterrolebinding.yaml b/charts/longhorn/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..8ab944b
--- /dev/null
+++ b/charts/longhorn/templates/clusterrolebinding.yaml
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: longhorn-bind
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: longhorn-role
+subjects:
+- kind: ServiceAccount
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: longhorn-support-bundle
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: longhorn-support-bundle
+ namespace: {{ include "release_namespace" . }}
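Review bot: the second binding attaches the `longhorn-support-bundle` service account to the built-in `cluster-admin` ClusterRole, and it is created unconditionally at install time. A token for that service account is full control of the cluster, whether or not a support bundle is ever generated. Replace `cluster-admin` with a dedicated read-only ClusterRole limited to the resources the bundle collects, or at least gate this binding behind a chart value that defaults to off, and document in the template why the access is needed.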
diff --git a/charts/longhorn/templates/crds.yaml b/charts/longhorn/templates/crds.yaml
new file mode 100644
index 0000000..0f73824
--- /dev/null
+++ b/charts/longhorn/templates/crds.yaml
@@ -0,0 +1,3465 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: backingimagedatasources.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: BackingImageDataSource
+ listKind: BackingImageDataSourceList
+ plural: backingimagedatasources
+ shortNames:
+ - lhbids
+ singular: backingimagedatasource
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The current state of the pod used to provision the backing image file from source
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The data source type
+ jsonPath: .spec.sourceType
+ name: SourceType
+ type: string
+ - description: The node the backing image file will be prepared on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The disk the backing image file will be prepared on
+ jsonPath: .spec.diskUUID
+ name: DiskUUID
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BackingImageDataSource is where Longhorn stores backing image data source object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The system generated UUID of the provisioned backing image file
+ jsonPath: .spec.uuid
+ name: UUID
+ type: string
+ - description: The current state of the pod used to provision the backing image file from source
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The data source type
+ jsonPath: .spec.sourceType
+ name: SourceType
+ type: string
+ - description: The backing image file size
+ jsonPath: .status.size
+ name: Size
+ type: string
+ - description: The node the backing image file will be prepared on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The disk the backing image file will be prepared on
+ jsonPath: .spec.diskUUID
+ name: DiskUUID
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: BackingImageDataSource is where Longhorn stores backing image data source object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BackingImageDataSourceSpec defines the desired state of the Longhorn backing image data source
+ properties:
+ checksum:
+ type: string
+ diskPath:
+ type: string
+ diskUUID:
+ type: string
+ fileTransferred:
+ type: boolean
+ nodeID:
+ type: string
+ parameters:
+ additionalProperties:
+ type: string
+ type: object
+ sourceType:
+ enum:
+ - download
+ - upload
+ - export-from-volume
+ type: string
+ uuid:
+ type: string
+ type: object
+ status:
+ description: BackingImageDataSourceStatus defines the observed state of the Longhorn backing image data source
+ properties:
+ checksum:
+ type: string
+ currentState:
+ type: string
+ ip:
+ type: string
+ message:
+ type: string
+ ownerID:
+ type: string
+ progress:
+ type: integer
+ runningParameters:
+ additionalProperties:
+ type: string
+ nullable: true
+ type: object
+ size:
+ format: int64
+ type: integer
+ storageIP:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: backingimagemanagers.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: BackingImageManager
+ listKind: BackingImageManagerList
+ plural: backingimagemanagers
+ shortNames:
+ - lhbim
+ singular: backingimagemanager
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The current state of the manager
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The image the manager pod will use
+ jsonPath: .spec.image
+ name: Image
+ type: string
+ - description: The node the manager is on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The disk the manager is responsible for
+ jsonPath: .spec.diskUUID
+ name: DiskUUID
+ type: string
+ - description: The disk path the manager is using
+ jsonPath: .spec.diskPath
+ name: DiskPath
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BackingImageManager is where Longhorn stores backing image manager object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The current state of the manager
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The image the manager pod will use
+ jsonPath: .spec.image
+ name: Image
+ type: string
+ - description: The node the manager is on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The disk the manager is responsible for
+ jsonPath: .spec.diskUUID
+ name: DiskUUID
+ type: string
+ - description: The disk path the manager is using
+ jsonPath: .spec.diskPath
+ name: DiskPath
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: BackingImageManager is where Longhorn stores backing image manager object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BackingImageManagerSpec defines the desired state of the Longhorn backing image manager
+ properties:
+ backingImages:
+ additionalProperties:
+ type: string
+ type: object
+ diskPath:
+ type: string
+ diskUUID:
+ type: string
+ image:
+ type: string
+ nodeID:
+ type: string
+ type: object
+ status:
+ description: BackingImageManagerStatus defines the observed state of the Longhorn backing image manager
+ properties:
+ apiMinVersion:
+ type: integer
+ apiVersion:
+ type: integer
+ backingImageFileMap:
+ additionalProperties:
+ properties:
+ currentChecksum:
+ type: string
+ directory:
+ description: 'Deprecated: This field is useless.'
+ type: string
+ downloadProgress:
+ description: 'Deprecated: This field is renamed to `Progress`.'
+ type: integer
+ message:
+ type: string
+ name:
+ type: string
+ progress:
+ type: integer
+ senderManagerAddress:
+ type: string
+ sendingReference:
+ type: integer
+ size:
+ format: int64
+ type: integer
+ state:
+ type: string
+ url:
+ description: 'Deprecated: This field is useless now. The manager of backing image files doesn''t care if a file is downloaded and how.'
+ type: string
+ uuid:
+ type: string
+ type: object
+ nullable: true
+ type: object
+ currentState:
+ type: string
+ ip:
+ type: string
+ ownerID:
+ type: string
+ storageIP:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: backingimages.longhorn.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+ path: /v1/webhook/conversion
+ port: 9443
+ conversionReviewVersions:
+ - v1beta2
+ - v1beta1
+ group: longhorn.io
+ names:
+ kind: BackingImage
+ listKind: BackingImageList
+ plural: backingimages
+ shortNames:
+ - lhbi
+ singular: backingimage
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The backing image name
+ jsonPath: .spec.image
+ name: Image
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BackingImage is where Longhorn stores backing image object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The system generated UUID
+ jsonPath: .status.uuid
+ name: UUID
+ type: string
+ - description: The source of the backing image file data
+ jsonPath: .spec.sourceType
+ name: SourceType
+ type: string
+ - description: The backing image file size in each disk
+ jsonPath: .status.size
+ name: Size
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: BackingImage is where Longhorn stores backing image object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BackingImageSpec defines the desired state of the Longhorn backing image
+ properties:
+ checksum:
+ type: string
+ disks:
+ additionalProperties:
+ type: string
+ type: object
+ imageURL:
+ description: 'Deprecated: This kind of info will be included in the related BackingImageDataSource.'
+ type: string
+ sourceParameters:
+ additionalProperties:
+ type: string
+ type: object
+ sourceType:
+ enum:
+ - download
+ - upload
+ - export-from-volume
+ type: string
+ type: object
+ status:
+ description: BackingImageStatus defines the observed state of the Longhorn backing image status
+ properties:
+ checksum:
+ type: string
+ diskDownloadProgressMap:
+ additionalProperties:
+ type: integer
+ description: 'Deprecated: Replaced by field `Progress` in `DiskFileStatusMap`.'
+ nullable: true
+ type: object
+ diskDownloadStateMap:
+ additionalProperties:
+ description: BackingImageDownloadState is replaced by BackingImageState.
+ type: string
+ description: 'Deprecated: Replaced by field `State` in `DiskFileStatusMap`.'
+ nullable: true
+ type: object
+ diskFileStatusMap:
+ additionalProperties:
+ properties:
+ lastStateTransitionTime:
+ type: string
+ message:
+ type: string
+ progress:
+ type: integer
+ state:
+ type: string
+ type: object
+ nullable: true
+ type: object
+ diskLastRefAtMap:
+ additionalProperties:
+ type: string
+ nullable: true
+ type: object
+ ownerID:
+ type: string
+ size:
+ format: int64
+ type: integer
+ uuid:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
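Review bot: the `conversion.webhook.clientConfig` for backingimages.longhorn.io sets only `service` (longhorn-conversion-webhook, path /v1/webhook/conversion, port 9443) and no `caBundle`, so nothing in this manifest tells the API server which CA to trust for the webhook's serving certificate. If the CA is written into the CRD after install, add a comment next to `clientConfig` naming the component that does it, since that component then needs write access to CustomResourceDefinitions; otherwise template `caBundle` here. The same stanza is repeated for backuptargets.longhorn.io and engineimages.longhorn.io, so whichever answer applies should be stated once and hold for all three.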
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: backups.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Backup
+ listKind: BackupList
+ plural: backups
+ shortNames:
+ - lhb
+ singular: backup
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The snapshot name
+ jsonPath: .status.snapshotName
+ name: SnapshotName
+ type: string
+ - description: The snapshot size
+ jsonPath: .status.size
+ name: SnapshotSize
+ type: string
+ - description: The snapshot creation time
+ jsonPath: .status.snapshotCreatedAt
+ name: SnapshotCreatedAt
+ type: string
+ - description: The backup state
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The backup last synced time
+ jsonPath: .status.lastSyncedAt
+ name: LastSyncedAt
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Backup is where Longhorn stores backup object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The snapshot name
+ jsonPath: .status.snapshotName
+ name: SnapshotName
+ type: string
+ - description: The snapshot size
+ jsonPath: .status.size
+ name: SnapshotSize
+ type: string
+ - description: The snapshot creation time
+ jsonPath: .status.snapshotCreatedAt
+ name: SnapshotCreatedAt
+ type: string
+ - description: The backup state
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The backup last synced time
+ jsonPath: .status.lastSyncedAt
+ name: LastSyncedAt
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Backup is where Longhorn stores backup object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BackupSpec defines the desired state of the Longhorn backup
+ properties:
+ labels:
+ additionalProperties:
+ type: string
+ description: The labels of snapshot backup.
+ type: object
+ snapshotName:
+ description: The snapshot name.
+ type: string
+ syncRequestedAt:
+ description: The time to request run sync the remote backup.
+ format: date-time
+ nullable: true
+ type: string
+ type: object
+ status:
+ description: BackupStatus defines the observed state of the Longhorn backup
+ properties:
+ backupCreatedAt:
+ description: The snapshot backup upload finished time.
+ type: string
+ error:
+ description: The error message when taking the snapshot backup.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: The labels of snapshot backup.
+ nullable: true
+ type: object
+ lastSyncedAt:
+ description: The last time that the backup was synced with the remote backup target.
+ format: date-time
+ nullable: true
+ type: string
+ messages:
+ additionalProperties:
+ type: string
+ description: The error messages when calling longhorn engine on listing or inspecting backups.
+ nullable: true
+ type: object
+ ownerID:
+ description: The node ID on which the controller is responsible to reconcile this backup CR.
+ type: string
+ progress:
+ description: The snapshot backup progress.
+ type: integer
+ replicaAddress:
+ description: The address of the replica that runs snapshot backup.
+ type: string
+ size:
+ description: The snapshot size.
+ type: string
+ snapshotCreatedAt:
+ description: The snapshot creation time.
+ type: string
+ snapshotName:
+ description: The snapshot name.
+ type: string
+ state:
+ description: The backup creation state. Can be "", "InProgress", "Completed", "Error", "Unknown".
+ type: string
+ url:
+ description: The snapshot backup URL.
+ type: string
+ volumeBackingImageName:
+ description: The volume's backing image name.
+ type: string
+ volumeCreated:
+ description: The volume creation time.
+ type: string
+ volumeName:
+ description: The volume name.
+ type: string
+ volumeSize:
+ description: The volume size.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: backuptargets.longhorn.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+ path: /v1/webhook/conversion
+ port: 9443
+ conversionReviewVersions:
+ - v1beta2
+ - v1beta1
+ group: longhorn.io
+ names:
+ kind: BackupTarget
+ listKind: BackupTargetList
+ plural: backuptargets
+ shortNames:
+ - lhbt
+ singular: backuptarget
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The backup target URL
+ jsonPath: .spec.backupTargetURL
+ name: URL
+ type: string
+ - description: The backup target credential secret
+ jsonPath: .spec.credentialSecret
+ name: Credential
+ type: string
+ - description: The backup target poll interval
+ jsonPath: .spec.pollInterval
+ name: LastBackupAt
+ type: string
+ - description: Indicate whether the backup target is available or not
+ jsonPath: .status.available
+ name: Available
+ type: boolean
+ - description: The backup target last synced time
+ jsonPath: .status.lastSyncedAt
+ name: LastSyncedAt
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BackupTarget is where Longhorn stores backup target object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The backup target URL
+ jsonPath: .spec.backupTargetURL
+ name: URL
+ type: string
+ - description: The backup target credential secret
+ jsonPath: .spec.credentialSecret
+ name: Credential
+ type: string
+ - description: The backup target poll interval
+ jsonPath: .spec.pollInterval
+ name: LastBackupAt
+ type: string
+ - description: Indicate whether the backup target is available or not
+ jsonPath: .status.available
+ name: Available
+ type: boolean
+ - description: The backup target last synced time
+ jsonPath: .status.lastSyncedAt
+ name: LastSyncedAt
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: BackupTarget is where Longhorn stores backup target object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BackupTargetSpec defines the desired state of the Longhorn backup target
+ properties:
+ backupTargetURL:
+ description: The backup target URL.
+ type: string
+ credentialSecret:
+ description: The backup target credential secret.
+ type: string
+ pollInterval:
+ description: The interval that the cluster needs to run sync with the backup target.
+ type: string
+ syncRequestedAt:
+ description: The time to request run sync the remote backup target.
+ format: date-time
+ nullable: true
+ type: string
+ type: object
+ status:
+ description: BackupTargetStatus defines the observed state of the Longhorn backup target
+ properties:
+ available:
+ description: Available indicates if the remote backup target is available or not.
+ type: boolean
+ conditions:
+ description: Records the reason on why the backup target is unavailable.
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ lastSyncedAt:
+ description: The last time that the controller synced with the remote backup target.
+ format: date-time
+ nullable: true
+ type: string
+ ownerID:
+ description: The node ID on which the controller is responsible to reconcile this backup target CR.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
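Review bot: the third printer column of backuptargets.longhorn.io is named `LastBackupAt` in both v1beta1 and v1beta2, but its description is "The backup target poll interval" and its jsonPath is `.spec.pollInterval`, so `kubectl get` will print the poll interval under a header that reads like a timestamp. Rename the column to `PollInterval` in both version lists, or point the jsonPath at a last-backup field if that is what the column was meant to show.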
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: backupvolumes.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: BackupVolume
+ listKind: BackupVolumeList
+ plural: backupvolumes
+ shortNames:
+ - lhbv
+ singular: backupvolume
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The backup volume creation time
+ jsonPath: .status.createdAt
+ name: CreatedAt
+ type: string
+ - description: The backup volume last backup name
+ jsonPath: .status.lastBackupName
+ name: LastBackupName
+ type: string
+ - description: The backup volume last backup time
+ jsonPath: .status.lastBackupAt
+ name: LastBackupAt
+ type: string
+ - description: The backup volume last synced time
+ jsonPath: .status.lastSyncedAt
+ name: LastSyncedAt
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BackupVolume is where Longhorn stores backup volume object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The backup volume creation time
+ jsonPath: .status.createdAt
+ name: CreatedAt
+ type: string
+ - description: The backup volume last backup name
+ jsonPath: .status.lastBackupName
+ name: LastBackupName
+ type: string
+ - description: The backup volume last backup time
+ jsonPath: .status.lastBackupAt
+ name: LastBackupAt
+ type: string
+ - description: The backup volume last synced time
+ jsonPath: .status.lastSyncedAt
+ name: LastSyncedAt
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: BackupVolume is where Longhorn stores backup volume object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BackupVolumeSpec defines the desired state of the Longhorn backup volume
+ properties:
+ syncRequestedAt:
+ description: The time to request run sync the remote backup volume.
+ format: date-time
+ nullable: true
+ type: string
+ type: object
+ status:
+ description: BackupVolumeStatus defines the observed state of the Longhorn backup volume
+ properties:
+ backingImageChecksum:
+ description: the backing image checksum.
+ type: string
+ backingImageName:
+ description: The backing image name.
+ type: string
+ createdAt:
+ description: The backup volume creation time.
+ type: string
+ dataStored:
+ description: The backup volume block count.
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ description: The backup volume labels.
+ nullable: true
+ type: object
+ lastBackupAt:
+ description: The latest volume backup time.
+ type: string
+ lastBackupName:
+ description: The latest volume backup name.
+ type: string
+ lastModificationTime:
+ description: The backup volume config last modification time.
+ format: date-time
+ nullable: true
+ type: string
+ lastSyncedAt:
+ description: The last time that the backup volume was synced into the cluster.
+ format: date-time
+ nullable: true
+ type: string
+ messages:
+ additionalProperties:
+ type: string
+ description: The error messages when call longhorn engine on list or inspect backup volumes.
+ nullable: true
+ type: object
+ ownerID:
+ description: The node ID on which the controller is responsible to reconcile this backup volume CR.
+ type: string
+ size:
+ description: The backup volume size.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: engineimages.longhorn.io
+spec:
+ preserveUnknownFields: false
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+ path: /v1/webhook/conversion
+ port: 9443
+ conversionReviewVersions:
+ - v1beta2
+ - v1beta1
+ group: longhorn.io
+ names:
+ kind: EngineImage
+ listKind: EngineImageList
+ plural: engineimages
+ shortNames:
+ - lhei
+ singular: engineimage
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: State of the engine image
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The Longhorn engine image
+ jsonPath: .spec.image
+ name: Image
+ type: string
+ - description: Number of resources using the engine image
+ jsonPath: .status.refCount
+ name: RefCount
+ type: integer
+ - description: The build date of the engine image
+ jsonPath: .status.buildDate
+ name: BuildDate
+ type: date
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: EngineImage is where Longhorn stores engine image object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: State of the engine image
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The Longhorn engine image
+ jsonPath: .spec.image
+ name: Image
+ type: string
+ - description: Number of resources using the engine image
+ jsonPath: .status.refCount
+ name: RefCount
+ type: integer
+ - description: The build date of the engine image
+ jsonPath: .status.buildDate
+ name: BuildDate
+ type: date
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: EngineImage is where Longhorn stores engine image object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EngineImageSpec defines the desired state of the Longhorn engine image
+ properties:
+ image:
+ minLength: 1
+ type: string
+ required:
+ - image
+ type: object
+ status:
+ description: EngineImageStatus defines the observed state of the Longhorn engine image
+ properties:
+ buildDate:
+ type: string
+ cliAPIMinVersion:
+ type: integer
+ cliAPIVersion:
+ type: integer
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ controllerAPIMinVersion:
+ type: integer
+ controllerAPIVersion:
+ type: integer
+ dataFormatMinVersion:
+ type: integer
+ dataFormatVersion:
+ type: integer
+ gitCommit:
+ type: string
+ noRefSince:
+ type: string
+ nodeDeploymentMap:
+ additionalProperties:
+ type: boolean
+ nullable: true
+ type: object
+ ownerID:
+ type: string
+ refCount:
+ type: integer
+ state:
+ type: string
+ version:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
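Review bot: `preserveUnknownFields: false` is set at the top of `spec` for engineimages.longhorn.io only; backingimages.longhorn.io and backuptargets.longhorn.io carry the same conversion stanza without it, and backups, backupvolumes and engines omit it too. Under apiextensions.k8s.io/v1 false is already the default for a newly created CRD, so the field only has an effect when this manifest is applied over an existing CRD that had it set to true. If that upgrade path is the reason, say so in a comment and set it on every CRD that existed in the older form; if not, drop it so the CRDs stay consistent.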
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: engines.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Engine
+ listKind: EngineList
+ plural: engines
+ shortNames:
+ - lhe
+ singular: engine
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The current state of the engine
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The node that the engine is on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The instance manager of the engine
+ jsonPath: .status.instanceManagerName
+ name: InstanceManager
+ type: string
+ - description: The current image of the engine
+ jsonPath: .status.currentImage
+ name: Image
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Engine is where Longhorn stores engine object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The current state of the engine
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The node that the engine is on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The instance manager of the engine
+ jsonPath: .status.instanceManagerName
+ name: InstanceManager
+ type: string
+ - description: The current image of the engine
+ jsonPath: .status.currentImage
+ name: Image
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Engine is where Longhorn stores engine object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EngineSpec defines the desired state of the Longhorn engine
+ properties:
+ active:
+ type: boolean
+ backupVolume:
+ type: string
+ desireState:
+ type: string
+ disableFrontend:
+ type: boolean
+ engineImage:
+ type: string
+ frontend:
+ enum:
+ - blockdev
+ - iscsi
+ - ""
+ type: string
+ logRequested:
+ type: boolean
+ nodeID:
+ type: string
+ replicaAddressMap:
+ additionalProperties:
+ type: string
+ type: object
+ requestedBackupRestore:
+ type: string
+ requestedDataSource:
+ type: string
+ revisionCounterDisabled:
+ type: boolean
+ salvageRequested:
+ type: boolean
+ unmapMarkSnapChainRemovedEnabled:
+ type: boolean
+ upgradedReplicaAddressMap:
+ additionalProperties:
+ type: string
+ type: object
+ volumeName:
+ type: string
+ volumeSize:
+ format: int64
+ type: string
+ type: object
+ status:
+ description: EngineStatus defines the observed state of the Longhorn engine
+ properties:
+ backupStatus:
+ additionalProperties:
+ properties:
+ backupURL:
+ type: string
+ error:
+ type: string
+ progress:
+ type: integer
+ replicaAddress:
+ type: string
+ snapshotName:
+ type: string
+ state:
+ type: string
+ type: object
+ nullable: true
+ type: object
+ cloneStatus:
+ additionalProperties:
+ properties:
+ error:
+ type: string
+ fromReplicaAddress:
+ type: string
+ isCloning:
+ type: boolean
+ progress:
+ type: integer
+ snapshotName:
+ type: string
+ state:
+ type: string
+ type: object
+ nullable: true
+ type: object
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ currentImage:
+ type: string
+ currentReplicaAddressMap:
+ additionalProperties:
+ type: string
+ nullable: true
+ type: object
+ currentSize:
+ format: int64
+ type: string
+ currentState:
+ type: string
+ endpoint:
+ type: string
+ instanceManagerName:
+ type: string
+ ip:
+ type: string
+ isExpanding:
+ type: boolean
+ lastExpansionError:
+ type: string
+ lastExpansionFailedAt:
+ type: string
+ lastRestoredBackup:
+ type: string
+ logFetched:
+ type: boolean
+ ownerID:
+ type: string
+ port:
+ type: integer
+ purgeStatus:
+ additionalProperties:
+ properties:
+ error:
+ type: string
+ isPurging:
+ type: boolean
+ progress:
+ type: integer
+ state:
+ type: string
+ type: object
+ nullable: true
+ type: object
+ rebuildStatus:
+ additionalProperties:
+ properties:
+ error:
+ type: string
+ fromReplicaAddress:
+ type: string
+ isRebuilding:
+ type: boolean
+ progress:
+ type: integer
+ state:
+ type: string
+ type: object
+ nullable: true
+ type: object
+ replicaModeMap:
+ additionalProperties:
+ type: string
+ nullable: true
+ type: object
+ restoreStatus:
+ additionalProperties:
+ properties:
+ backupURL:
+ type: string
+ currentRestoringBackup:
+ type: string
+ error:
+ type: string
+ filename:
+ type: string
+ isRestoring:
+ type: boolean
+ lastRestored:
+ type: string
+ progress:
+ type: integer
+ state:
+ type: string
+ type: object
+ nullable: true
+ type: object
+ salvageExecuted:
+ type: boolean
+ snapshots:
+ additionalProperties:
+ properties:
+ children:
+ additionalProperties:
+ type: boolean
+ nullable: true
+ type: object
+ created:
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ nullable: true
+ type: object
+ name:
+ type: string
+ parent:
+ type: string
+ removed:
+ type: boolean
+ size:
+ type: string
+ usercreated:
+ type: boolean
+ type: object
+ nullable: true
+ type: object
+ snapshotsError:
+ type: string
+ started:
+ type: boolean
+ storageIP:
+ type: string
+ unmapMarkSnapChainRemovedEnabled:
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: instancemanagers.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: InstanceManager
+ listKind: InstanceManagerList
+ plural: instancemanagers
+ shortNames:
+ - lhim
+ singular: instancemanager
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The state of the instance manager
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The type of the instance manager (engine or replica)
+ jsonPath: .spec.type
+ name: Type
+ type: string
+ - description: The node that the instance manager is running on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: InstanceManager is where Longhorn stores instance manager object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The state of the instance manager
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The type of the instance manager (engine or replica)
+ jsonPath: .spec.type
+ name: Type
+ type: string
+ - description: The node that the instance manager is running on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: InstanceManager is where Longhorn stores instance manager object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: InstanceManagerSpec defines the desired state of the Longhorn instancer manager
+ properties:
+ engineImage:
+ description: 'Deprecated: This field is useless.'
+ type: string
+ image:
+ type: string
+ nodeID:
+ type: string
+ type:
+ enum:
+ - engine
+ - replica
+ type: string
+ type: object
+ status:
+ description: InstanceManagerStatus defines the observed state of the Longhorn instance manager
+ properties:
+ apiMinVersion:
+ type: integer
+ apiVersion:
+ type: integer
+ proxyApiMinVersion:
+ type: integer
+ proxyApiVersion:
+ type: integer
+ currentState:
+ type: string
+ instances:
+ additionalProperties:
+ properties:
+ spec:
+ properties:
+ name:
+ type: string
+ type: object
+ status:
+ properties:
+ endpoint:
+ type: string
+ errorMsg:
+ type: string
+ listen:
+ type: string
+ portEnd:
+ format: int32
+ type: integer
+ portStart:
+ format: int32
+ type: integer
+ resourceVersion:
+ format: int64
+ type: integer
+ state:
+ type: string
+ type:
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: object
+ ip:
+ type: string
+ ownerID:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: nodes.longhorn.io
+spec:
+ preserveUnknownFields: false
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+ path: /v1/webhook/conversion
+ port: 9443
+ conversionReviewVersions:
+ - v1beta2
+ - v1beta1
+ group: longhorn.io
+ names:
+ kind: Node
+ listKind: NodeList
+ plural: nodes
+ shortNames:
+ - lhn
+ singular: node
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Indicate whether the node is ready
+ jsonPath: .status.conditions['Ready']['status']
+ name: Ready
+ type: string
+ - description: Indicate whether the user disabled/enabled replica scheduling for the node
+ jsonPath: .spec.allowScheduling
+ name: AllowScheduling
+ type: boolean
+ - description: Indicate whether Longhorn can schedule replicas on the node
+ jsonPath: .status.conditions['Schedulable']['status']
+ name: Schedulable
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Node is where Longhorn stores Longhorn node object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Indicate whether the node is ready
+ jsonPath: .status.conditions[?(@.type=='Ready')].status
+ name: Ready
+ type: string
+ - description: Indicate whether the user disabled/enabled replica scheduling for the node
+ jsonPath: .spec.allowScheduling
+ name: AllowScheduling
+ type: boolean
+ - description: Indicate whether Longhorn can schedule replicas on the node
+ jsonPath: .status.conditions[?(@.type=='Schedulable')].status
+ name: Schedulable
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Node is where Longhorn stores Longhorn node object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NodeSpec defines the desired state of the Longhorn node
+ properties:
+ allowScheduling:
+ type: boolean
+ disks:
+ additionalProperties:
+ properties:
+ allowScheduling:
+ type: boolean
+ evictionRequested:
+ type: boolean
+ path:
+ type: string
+ storageReserved:
+ format: int64
+ type: integer
+ tags:
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ engineManagerCPURequest:
+ type: integer
+ evictionRequested:
+ type: boolean
+ name:
+ type: string
+ replicaManagerCPURequest:
+ type: integer
+ tags:
+ items:
+ type: string
+ type: array
+ type: object
+ status:
+ description: NodeStatus defines the observed state of the Longhorn node
+ properties:
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ diskStatus:
+ additionalProperties:
+ properties:
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ diskUUID:
+ type: string
+ scheduledReplica:
+ additionalProperties:
+ format: int64
+ type: integer
+ nullable: true
+ type: object
+ storageAvailable:
+ format: int64
+ type: integer
+ storageMaximum:
+ format: int64
+ type: integer
+ storageScheduled:
+ format: int64
+ type: integer
+ type: object
+ nullable: true
+ type: object
+ region:
+ type: string
+ snapshotCheckStatus:
+ properties:
+ lastPeriodicCheckedAt:
+ format: date-time
+ type: string
+ snapshotCheckState:
+ type: string
+ type: object
+ zone:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: orphans.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Orphan
+ listKind: OrphanList
+ plural: orphans
+ shortNames:
+ - lho
+ singular: orphan
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The type of the orphan
+ jsonPath: .spec.orphanType
+ name: Type
+ type: string
+ - description: The node that the orphan is on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Orphan is where Longhorn stores orphan object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OrphanSpec defines the desired state of the Longhorn orphaned data
+ properties:
+ nodeID:
+ description: The node ID on which the controller is responsible to reconcile this orphan CR.
+ type: string
+ orphanType:
+ description: The type of the orphaned data. Can be "replica".
+ type: string
+ parameters:
+ additionalProperties:
+ type: string
+ description: The parameters of the orphaned data
+ type: object
+ type: object
+ status:
+ description: OrphanStatus defines the observed state of the Longhorn orphaned data
+ properties:
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ ownerID:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels:
+ longhorn-manager: ""
+ name: recurringjobs.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: RecurringJob
+ listKind: RecurringJobList
+ plural: recurringjobs
+ shortNames:
+ - lhrj
+ singular: recurringjob
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume
+ jsonPath: .spec.groups
+ name: Groups
+ type: string
+ - description: Should be one of "backup" or "snapshot"
+ jsonPath: .spec.task
+ name: Task
+ type: string
+ - description: The cron expression represents recurring job scheduling
+ jsonPath: .spec.cron
+ name: Cron
+ type: string
+ - description: The number of snapshots/backups to keep for the volume
+ jsonPath: .spec.retain
+ name: Retain
+ type: integer
+ - description: The concurrent job to run by each cron job
+ jsonPath: .spec.concurrency
+ name: Concurrency
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Specify the labels
+ jsonPath: .spec.labels
+ name: Labels
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: RecurringJob is where Longhorn stores recurring job object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume
+ jsonPath: .spec.groups
+ name: Groups
+ type: string
+ - description: Should be one of "snapshot", "snapshot-cleanup", "snapshot-delete" or "backup"
+ jsonPath: .spec.task
+ name: Task
+ type: string
+ - description: The cron expression represents recurring job scheduling
+ jsonPath: .spec.cron
+ name: Cron
+ type: string
+ - description: The number of snapshots/backups to keep for the volume
+ jsonPath: .spec.retain
+ name: Retain
+ type: integer
+ - description: The concurrent job to run by each cron job
+ jsonPath: .spec.concurrency
+ name: Concurrency
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - description: Specify the labels
+ jsonPath: .spec.labels
+ name: Labels
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: RecurringJob is where Longhorn stores recurring job object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RecurringJobSpec defines the desired state of the Longhorn recurring job
+ properties:
+ concurrency:
+ description: The concurrency of taking the snapshot/backup.
+ type: integer
+ cron:
+ description: The cron setting.
+ type: string
+ groups:
+ description: The recurring job group.
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ description: The label of the snapshot/backup.
+ type: object
+ name:
+ description: The recurring job name.
+ type: string
+ retain:
+ description: The retain count of the snapshot/backup.
+ type: integer
+ task:
+ description: The recurring job task. Can be "snapshot", "snapshot-cleanup", "snapshot-delete" or "backup".
+ enum:
+ - snapshot
+ - snapshot-cleanup
+ - snapshot-delete
+ - backup
+ type: string
+ type: object
+ status:
+ description: RecurringJobStatus defines the observed state of the Longhorn recurring job
+ properties:
+ ownerID:
+ description: The owner ID which is responsible to reconcile this recurring job CR.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
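Review bot: the recurringjobs.longhorn.io CRD is the only one in this stretch of the file whose `labels:` line omits `{{- include "longhorn.labels" . | nindent 4 }}`. It carries only `longhorn-manager: ""`, so it does not get whatever labels the `longhorn.labels` helper emits for instancemanagers, nodes, orphans, replicas, settings, sharemanagers and snapshots. Suggest writing it as `labels: {{- include "longhorn.labels" . | nindent 4 }}` like its neighbours, or adding a comment explaining why this CRD is excluded. Separately, nodes.longhorn.io above sets `conversion.strategy: Webhook` with a `clientConfig` that names the `longhorn-conversion-webhook` service on port 9443 but has no `caBundle`; please document in the chart what supplies the CA the API server uses to verify that endpoint, since nothing in these lines does.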
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: replicas.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Replica
+ listKind: ReplicaList
+ plural: replicas
+ shortNames:
+ - lhr
+ singular: replica
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The current state of the replica
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The node that the replica is on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The disk that the replica is on
+ jsonPath: .spec.diskID
+ name: Disk
+ type: string
+ - description: The instance manager of the replica
+ jsonPath: .status.instanceManagerName
+ name: InstanceManager
+ type: string
+ - description: The current image of the replica
+ jsonPath: .status.currentImage
+ name: Image
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Replica is where Longhorn stores replica object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The current state of the replica
+ jsonPath: .status.currentState
+ name: State
+ type: string
+ - description: The node that the replica is on
+ jsonPath: .spec.nodeID
+ name: Node
+ type: string
+ - description: The disk that the replica is on
+ jsonPath: .spec.diskID
+ name: Disk
+ type: string
+ - description: The instance manager of the replica
+ jsonPath: .status.instanceManagerName
+ name: InstanceManager
+ type: string
+ - description: The current image of the replica
+ jsonPath: .status.currentImage
+ name: Image
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Replica is where Longhorn stores replica object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ReplicaSpec defines the desired state of the Longhorn replica
+ properties:
+ active:
+ type: boolean
+ backingImage:
+ type: string
+ baseImage:
+ description: Deprecated. Rename to BackingImage
+ type: string
+ dataDirectoryName:
+ type: string
+ dataPath:
+ description: Deprecated
+ type: string
+ desireState:
+ type: string
+ diskID:
+ type: string
+ diskPath:
+ type: string
+ engineImage:
+ type: string
+ engineName:
+ type: string
+ failedAt:
+ type: string
+ hardNodeAffinity:
+ type: string
+ healthyAt:
+ type: string
+ logRequested:
+ type: boolean
+ nodeID:
+ type: string
+ rebuildRetryCount:
+ type: integer
+ revisionCounterDisabled:
+ type: boolean
+ salvageRequested:
+ type: boolean
+ unmapMarkDiskChainRemovedEnabled:
+ type: boolean
+ volumeName:
+ type: string
+ volumeSize:
+ format: int64
+ type: string
+ type: object
+ status:
+ description: ReplicaStatus defines the observed state of the Longhorn replica
+ properties:
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ currentImage:
+ type: string
+ currentState:
+ type: string
+ evictionRequested:
+ type: boolean
+ instanceManagerName:
+ type: string
+ ip:
+ type: string
+ logFetched:
+ type: boolean
+ ownerID:
+ type: string
+ port:
+ type: integer
+ salvageExecuted:
+ type: boolean
+ started:
+ type: boolean
+ storageIP:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: settings.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Setting
+ listKind: SettingList
+ plural: settings
+ shortNames:
+ - lhs
+ singular: setting
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The value of the setting
+ jsonPath: .value
+ name: Value
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Setting is where Longhorn stores setting object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ value:
+ type: string
+ required:
+ - value
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The value of the setting
+ jsonPath: .value
+ name: Value
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Setting is where Longhorn stores setting object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ value:
+ type: string
+ required:
+ - value
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: sharemanagers.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: ShareManager
+ listKind: ShareManagerList
+ plural: sharemanagers
+ shortNames:
+ - lhsm
+ singular: sharemanager
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The state of the share manager
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The node that the share manager is owned by
+ jsonPath: .status.ownerID
+ name: Node
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ShareManager is where Longhorn stores share manager object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The state of the share manager
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The node that the share manager is owned by
+ jsonPath: .status.ownerID
+ name: Node
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: ShareManager is where Longhorn stores share manager object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ShareManagerSpec defines the desired state of the Longhorn share manager
+ properties:
+ image:
+ type: string
+ type: object
+ status:
+ description: ShareManagerStatus defines the observed state of the Longhorn share manager
+ properties:
+ endpoint:
+ type: string
+ ownerID:
+ type: string
+ state:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: snapshots.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Snapshot
+ listKind: SnapshotList
+ plural: snapshots
+ shortNames:
+ - lhsnap
+ singular: snapshot
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The volume that this snapshot belongs to
+ jsonPath: .spec.volume
+ name: Volume
+ type: string
+ - description: Timestamp when the point-in-time snapshot was taken
+ jsonPath: .status.creationTime
+ name: CreationTime
+ type: string
+ - description: Indicates if the snapshot is ready to be used to restore/backup a volume
+ jsonPath: .status.readyToUse
+ name: ReadyToUse
+ type: boolean
+ - description: Represents the minimum size of volume required to rehydrate from this snapshot
+ jsonPath: .status.restoreSize
+ name: RestoreSize
+ type: string
+ - description: The actual size of the snapshot
+ jsonPath: .status.size
+ name: Size
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Snapshot is the Schema for the snapshots API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SnapshotSpec defines the desired state of Longhorn Snapshot
+ properties:
+ createSnapshot:
+ description: require creating a new snapshot
+ type: boolean
+ labels:
+ additionalProperties:
+ type: string
+ description: The labels of snapshot
+ nullable: true
+ type: object
+ volume:
+ description: the volume that this snapshot belongs to. This field is immutable after creation. Required
+ type: string
+ required:
+ - volume
+ type: object
+ status:
+ description: SnapshotStatus defines the observed state of Longhorn Snapshot
+ properties:
+ checksum:
+ type: string
+ children:
+ additionalProperties:
+ type: boolean
+ nullable: true
+ type: object
+ creationTime:
+ type: string
+ error:
+ type: string
+ labels:
+ additionalProperties:
+ type: string
+ nullable: true
+ type: object
+ markRemoved:
+ type: boolean
+ ownerID:
+ type: string
+ parent:
+ type: string
+ readyToUse:
+ type: boolean
+ restoreSize:
+ format: int64
+ type: integer
+ size:
+ format: int64
+ type: integer
+ userCreated:
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: supportbundles.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: SupportBundle
+ listKind: SupportBundleList
+ plural: supportbundles
+ shortNames:
+ - lhbundle
+ singular: supportbundle
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The state of the support bundle
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The issue URL
+ jsonPath: .spec.issueURL
+ name: Issue
+ type: string
+ - description: A brief description of the issue
+ jsonPath: .spec.description
+ name: Description
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: SupportBundle is where Longhorn stores support bundle object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SupportBundleSpec defines the desired state of the Longhorn SupportBundle
+ properties:
+ description:
+ description: A brief description of the issue
+ type: string
+ issueURL:
+ description: The issue URL
+ nullable: true
+ type: string
+ nodeID:
+ description: The preferred responsible controller node ID.
+ type: string
+ required:
+ - description
+ type: object
+ status:
+ description: SupportBundleStatus defines the observed state of the Longhorn SupportBundle
+ properties:
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ type: array
+ filename:
+ type: string
+ filesize:
+ format: int64
+ type: integer
+ image:
+ description: The support bundle manager image
+ type: string
+ managerIP:
+ description: The support bundle manager IP
+ type: string
+ ownerID:
+ description: The current responsible controller node ID
+ type: string
+ progress:
+ type: integer
+ state:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: systembackups.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: SystemBackup
+ listKind: SystemBackupList
+ plural: systembackups
+ shortNames:
+ - lhsb
+ singular: systembackup
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The system backup Longhorn version
+ jsonPath: .status.version
+ name: Version
+ type: string
+ - description: The system backup state
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The system backup creation time
+ jsonPath: .status.createdAt
+ name: Created
+ type: string
+ - description: The last time that the system backup was synced into the cluster
+ jsonPath: .status.lastSyncedAt
+ name: LastSyncedAt
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: SystemBackup is where Longhorn stores system backup object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SystemBackupSpec defines the desired state of the Longhorn SystemBackup
+ type: object
+ status:
+ description: SystemBackupStatus defines the observed state of the Longhorn SystemBackup
+ properties:
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ createdAt:
+ description: The system backup creation time.
+ format: date-time
+ type: string
+ gitCommit:
+ description: The saved Longhorn manager git commit.
+ nullable: true
+ type: string
+ lastSyncedAt:
+ description: The last time that the system backup was synced into the cluster.
+ format: date-time
+ nullable: true
+ type: string
+ managerImage:
+ description: The saved manager image.
+ type: string
+ ownerID:
+ description: The node ID of the responsible controller to reconcile this SystemBackup.
+ type: string
+ state:
+ description: The system backup state.
+ type: string
+ version:
+ description: The saved Longhorn version.
+ nullable: true
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ creationTimestamp: null
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: systemrestores.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: SystemRestore
+ listKind: SystemRestoreList
+ plural: systemrestores
+ shortNames:
+ - lhsr
+ singular: systemrestore
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The system restore state
+ jsonPath: .status.state
+ name: State
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: SystemRestore is where Longhorn stores system restore object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SystemRestoreSpec defines the desired state of the Longhorn SystemRestore
+ properties:
+ systemBackup:
+ description: The system backup name in the object store.
+ type: string
+ required:
+ - systemBackup
+ type: object
+ status:
+ description: SystemRestoreStatus defines the observed state of the Longhorn SystemRestore
+ properties:
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ ownerID:
+ description: The node ID of the responsible controller to reconcile this SystemRestore.
+ type: string
+ sourceURL:
+ description: The source system backup URL.
+ type: string
+ state:
+ description: The system restore state.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.7.0
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ longhorn-manager: ""
+ name: volumes.longhorn.io
+spec:
+ preserveUnknownFields: false
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+ path: /v1/webhook/conversion
+ port: 9443
+ conversionReviewVersions:
+ - v1beta2
+ - v1beta1
+ group: longhorn.io
+ names:
+ kind: Volume
+ listKind: VolumeList
+ plural: volumes
+ shortNames:
+ - lhv
+ singular: volume
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: The state of the volume
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The robustness of the volume
+ jsonPath: .status.robustness
+ name: Robustness
+ type: string
+ - description: The scheduled condition of the volume
+ jsonPath: .status.conditions['scheduled']['status']
+ name: Scheduled
+ type: string
+ - description: The size of the volume
+ jsonPath: .spec.size
+ name: Size
+ type: string
+ - description: The node that the volume is currently attaching to
+ jsonPath: .status.currentNodeID
+ name: Node
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Volume is where Longhorn stores volume object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - description: The state of the volume
+ jsonPath: .status.state
+ name: State
+ type: string
+ - description: The robustness of the volume
+ jsonPath: .status.robustness
+ name: Robustness
+ type: string
+ - description: The scheduled condition of the volume
+ jsonPath: .status.conditions[?(@.type=='Schedulable')].status
+ name: Scheduled
+ type: string
+ - description: The size of the volume
+ jsonPath: .spec.size
+ name: Size
+ type: string
+ - description: The node that the volume is currently attaching to
+ jsonPath: .status.currentNodeID
+ name: Node
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: Volume is where Longhorn stores volume object.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: VolumeSpec defines the desired state of the Longhorn volume
+ properties:
+ Standby:
+ type: boolean
+ accessMode:
+ enum:
+ - rwo
+ - rwx
+ type: string
+ backingImage:
+ type: string
+ baseImage:
+ description: Deprecated. Rename to BackingImage
+ type: string
+ dataLocality:
+ enum:
+ - disabled
+ - best-effort
+ - strict-local
+ type: string
+ dataSource:
+ type: string
+ disableFrontend:
+ type: boolean
+ diskSelector:
+ items:
+ type: string
+ type: array
+ encrypted:
+ type: boolean
+ engineImage:
+ type: string
+ fromBackup:
+ type: string
+ restoreVolumeRecurringJob:
+ enum:
+ - ignored
+ - enabled
+ - disabled
+ type: string
+ frontend:
+ enum:
+ - blockdev
+ - iscsi
+ - ""
+ type: string
+ lastAttachedBy:
+ type: string
+ migratable:
+ type: boolean
+ migrationNodeID:
+ type: string
+ nodeID:
+ type: string
+ nodeSelector:
+ items:
+ type: string
+ type: array
+ numberOfReplicas:
+ type: integer
+ recurringJobs:
+ description: Deprecated. Replaced by a separate resource named "RecurringJob"
+ items:
+ description: 'Deprecated: This field is useless and has been replaced by the RecurringJob CRD'
+ properties:
+ concurrency:
+ type: integer
+ cron:
+ type: string
+ groups:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ retain:
+ type: integer
+ task:
+ enum:
+ - snapshot
+ - snapshot-cleanup
+ - snapshot-delete
+ - backup
+ type: string
+ type: object
+ type: array
+ replicaAutoBalance:
+ enum:
+ - ignored
+ - disabled
+ - least-effort
+ - best-effort
+ type: string
+ revisionCounterDisabled:
+ type: boolean
+ size:
+ format: int64
+ type: string
+ snapshotDataIntegrity:
+ enum:
+ - ignored
+ - disabled
+ - enabled
+ - fast-check
+ type: string
+ staleReplicaTimeout:
+ type: integer
+ unmapMarkSnapChainRemoved:
+ enum:
+ - ignored
+ - disabled
+ - enabled
+ type: string
+ type: object
+ status:
+ description: VolumeStatus defines the observed state of the Longhorn volume
+ properties:
+ actualSize:
+ format: int64
+ type: integer
+ cloneStatus:
+ properties:
+ snapshot:
+ type: string
+ sourceVolume:
+ type: string
+ state:
+ type: string
+ type: object
+ conditions:
+ items:
+ properties:
+ lastProbeTime:
+ description: Last time we probed the condition.
+ type: string
+ lastTransitionTime:
+ description: Last time the condition transitioned from one status to another.
+ type: string
+ message:
+ description: Human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: Unique, one-word, CamelCase reason for the condition's last transition.
+ type: string
+ status:
+ description: Status is the status of the condition. Can be True, False, Unknown.
+ type: string
+ type:
+ description: Type is the type of the condition.
+ type: string
+ type: object
+ nullable: true
+ type: array
+ currentImage:
+ type: string
+ currentNodeID:
+ type: string
+ expansionRequired:
+ type: boolean
+ frontendDisabled:
+ type: boolean
+ isStandby:
+ type: boolean
+ kubernetesStatus:
+ properties:
+ lastPVCRefAt:
+ type: string
+ lastPodRefAt:
+ type: string
+ namespace:
+ description: determine if PVC/Namespace is history or not
+ type: string
+ pvName:
+ type: string
+ pvStatus:
+ type: string
+ pvcName:
+ type: string
+ workloadsStatus:
+ description: determine if Pod/Workload is history or not
+ items:
+ properties:
+ podName:
+ type: string
+ podStatus:
+ type: string
+ workloadName:
+ type: string
+ workloadType:
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ lastBackup:
+ type: string
+ lastBackupAt:
+ type: string
+ lastDegradedAt:
+ type: string
+ ownerID:
+ type: string
+ pendingNodeID:
+ type: string
+ remountRequestedAt:
+ type: string
+ restoreInitiated:
+ type: boolean
+ restoreRequired:
+ type: boolean
+ robustness:
+ type: string
+ shareEndpoint:
+ type: string
+ shareState:
+ type: string
+ state:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
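Review bot: In the volumes.longhorn.io CRD, the conversion webhook clientConfig names the longhorn-conversion-webhook service, path /v1/webhook/conversion and port 9443 but carries no caBundle, so as rendered the API server falls back to its system trust roots when verifying the webhook's serving certificate. If a controller patches caBundle in after install, add a comment here saying which one; otherwise template it from a chart value or an injected certificate. Separately, the still-served v1beta1 version sets x-kubernetes-preserve-unknown-fields: true on both spec and status, so the schema for that version neither constrains nor prunes anything under them; it would help to note in the chart when v1beta1 is expected to stop being served.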
diff --git a/charts/longhorn/templates/daemonset-sa.yaml b/charts/longhorn/templates/daemonset-sa.yaml
new file mode 100644
index 0000000..63f98cd
--- /dev/null
+++ b/charts/longhorn/templates/daemonset-sa.yaml
@@ -0,0 +1,147 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: longhorn-manager
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-manager
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ initContainers:
+ - name: wait-longhorn-admission-webhook
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done']
+ containers:
+ - name: longhorn-manager
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - -d
+ {{- if eq .Values.longhornManager.log.format "json" }}
+ - -j
+ {{- end }}
+ - daemon
+ - --engine-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}"
+ - --instance-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}"
+ - --share-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}"
+ - --backing-image-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}"
+ - --support-bundle-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.supportBundleKit.repository }}:{{ .Values.image.longhorn.supportBundleKit.tag }}"
+ - --manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}"
+ - --service-account
+ - longhorn-service-account
+ ports:
+ - containerPort: 9500
+ name: manager
+ readinessProbe:
+ tcpSocket:
+ port: 9500
+ volumeMounts:
+ - name: dev
+ mountPath: /host/dev/
+ - name: proc
+ mountPath: /host/proc/
+ - name: longhorn
+ mountPath: /var/lib/longhorn/
+ mountPropagation: Bidirectional
+ - name: longhorn-grpc-tls
+ mountPath: /tls-files/
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev/
+ - name: proc
+ hostPath:
+ path: /proc/
+ - name: longhorn
+ hostPath:
+ path: /var/lib/longhorn/
+ - name: longhorn-grpc-tls
+ secret:
+ secretName: longhorn-grpc-tls
+ optional: true
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote }}
+ {{- end }}
+ {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.tolerations }}
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: "100%"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-backend
+ namespace: {{ include "release_namespace" . }}
+ {{- if .Values.longhornManager.serviceAnnotations }}
+ annotations:
+{{ toYaml .Values.longhornManager.serviceAnnotations | indent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.manager.type }}
+ sessionAffinity: ClientIP
+ selector:
+ app: longhorn-manager
+ ports:
+ - name: manager
+ port: 9500
+ targetPort: manager
+ {{- if .Values.service.manager.nodePort }}
+ nodePort: {{ .Values.service.manager.nodePort }}
+ {{- end }}
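Review bot: The longhorn-manager container sets privileged: true and also mounts host /dev, /proc and /var/lib/longhorn (the last with mountPropagation: Bidirectional), with no comment on why full privilege is needed rather than a specific capability set. Add a comment stating the requirement, and document that the release namespace needs a Pod Security exemption, so operators do not first learn of it at admission time. The wait-longhorn-admission-webhook init container polls https://longhorn-admission-webhook:9443/v1/healthz with curl -k, so it accepts any certificate; since this only gates start-up the exposure is small, but if the webhook CA can be made available to the pod, passing it with --cacert would let the flag go. The init container also omits imagePullPolicy while the main container takes it from .Values.image.pullPolicy, and the longhorn-backend Service type and nodePort come straight from values, so the manager port 9500 can be exposed outside the cluster with nothing in this template restricting who reaches it.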
diff --git a/charts/longhorn/templates/default-setting.yaml b/charts/longhorn/templates/default-setting.yaml
new file mode 100644
index 0000000..49870a4
--- /dev/null
+++ b/charts/longhorn/templates/default-setting.yaml
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: longhorn-default-setting
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+data:
+ default-setting.yaml: |-
+ {{ if not (kindIs "invalid" .Values.defaultSettings.backupTarget) }}backup-target: {{ .Values.defaultSettings.backupTarget }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.backupTargetCredentialSecret) }}backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.allowRecurringJobWhileVolumeDetached) }}allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.createDefaultDiskLabeledNodes) }}create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.defaultDataPath) }}default-data-path: {{ .Values.defaultSettings.defaultDataPath }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.replicaSoftAntiAffinity) }}replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.replicaAutoBalance) }}replica-auto-balance: {{ .Values.defaultSettings.replicaAutoBalance }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.storageOverProvisioningPercentage) }}storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.storageMinimalAvailablePercentage) }}storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.upgradeChecker) }}upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.defaultReplicaCount) }}default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.defaultDataLocality) }}default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.defaultLonghornStaticStorageClass) }}default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.backupstorePollInterval) }}backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.failedBackupTTL) }}failed-backup-ttl: {{ .Values.defaultSettings.failedBackupTTL }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.restoreVolumeRecurringJobs) }}restore-volume-recurring-jobs: {{ .Values.defaultSettings.restoreVolumeRecurringJobs }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit) }}recurring-successful-jobs-history-limit: {{ .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.recurringFailedJobsHistoryLimit) }}recurring-failed-jobs-history-limit: {{ .Values.defaultSettings.recurringFailedJobsHistoryLimit }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.supportBundleFailedHistoryLimit) }}support-bundle-failed-history-limit: {{ .Values.defaultSettings.supportBundleFailedHistoryLimit }}{{ end }}
+ {{- if or (not (kindIs "invalid" .Values.defaultSettings.taintToleration)) (.Values.global.cattle.windowsCluster.enabled) }}
+ taint-toleration: {{ $windowsDefaultSettingTaintToleration := list }}{{ $defaultSettingTaintToleration := list -}}
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}}
+ {{- $windowsDefaultSettingTaintToleration = .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}}
+ {{- end -}}
+ {{- if not (kindIs "invalid" .Values.defaultSettings.taintToleration) -}}
+ {{- $defaultSettingTaintToleration = .Values.defaultSettings.taintToleration -}}
+ {{- end -}}
+ {{- $taintToleration := list $windowsDefaultSettingTaintToleration $defaultSettingTaintToleration }}{{ join ";" (compact $taintToleration) -}}
+ {{- end }}
+ {{- if or (not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector)) (.Values.global.cattle.windowsCluster.enabled) }}
+ system-managed-components-node-selector: {{ $windowsDefaultSettingNodeSelector := list }}{{ $defaultSettingNodeSelector := list -}}
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}}
+ {{ $windowsDefaultSettingNodeSelector = .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}}
+ {{- end -}}
+ {{- if not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector) -}}
+ {{- $defaultSettingNodeSelector = .Values.defaultSettings.systemManagedComponentsNodeSelector -}}
+ {{- end -}}
+ {{- $nodeSelector := list $windowsDefaultSettingNodeSelector $defaultSettingNodeSelector }}{{ join ";" (compact $nodeSelector) -}}
+ {{- end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.priorityClass) }}priority-class: {{ .Values.defaultSettings.priorityClass }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.autoSalvage) }}auto-salvage: {{ .Values.defaultSettings.autoSalvage }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly) }}auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.disableSchedulingOnCordonedNode) }}disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.replicaZoneSoftAntiAffinity) }}replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.nodeDownPodDeletionPolicy) }}node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica) }}allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.mkfsExt4Parameters) }}mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.disableReplicaRebuild) }}disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.replicaReplenishmentWaitInterval) }}replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit) }}concurrent-replica-rebuild-per-node-limit: {{ .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit) }}concurrent-volume-backup-restore-per-node-limit: {{ .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.disableRevisionCounter) }}disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.systemManagedPodsImagePullPolicy) }}system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability) }}allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot) }}auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit) }}concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.backingImageCleanupWaitInterval) }}backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.backingImageRecoveryWaitInterval) }}backing-image-recovery-wait-interval: {{ .Values.defaultSettings.backingImageRecoveryWaitInterval }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.guaranteedEngineManagerCPU) }}guaranteed-engine-manager-cpu: {{ .Values.defaultSettings.guaranteedEngineManagerCPU }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.guaranteedReplicaManagerCPU) }}guaranteed-replica-manager-cpu: {{ .Values.defaultSettings.guaranteedReplicaManagerCPU }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.kubernetesClusterAutoscalerEnabled) }}kubernetes-cluster-autoscaler-enabled: {{ .Values.defaultSettings.kubernetesClusterAutoscalerEnabled }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.orphanAutoDeletion) }}orphan-auto-deletion: {{ .Values.defaultSettings.orphanAutoDeletion }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.storageNetwork) }}storage-network: {{ .Values.defaultSettings.storageNetwork }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.deletingConfirmationFlag) }}deleting-confirmation-flag: {{ .Values.defaultSettings.deletingConfirmationFlag }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.engineReplicaTimeout) }}engine-replica-timeout: {{ .Values.defaultSettings.engineReplicaTimeout }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrity) }}snapshot-data-integrity: {{ .Values.defaultSettings.snapshotDataIntegrity }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation) }}snapshot-data-integrity-immediate-check-after-snapshot-creation: {{ .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityCronjob) }}snapshot-data-integrity-cronjob: {{ .Values.defaultSettings.snapshotDataIntegrityCronjob }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim) }}remove-snapshots-during-filesystem-trim: {{ .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.fastReplicaRebuildEnabled) }}fast-replica-rebuild-enabled: {{ .Values.defaultSettings.fastReplicaRebuildEnabled }}{{ end }}
+ {{ if not (kindIs "invalid" .Values.defaultSettings.replicaFileSyncHttpClientTimeout) }}replica-file-sync-http-client-timeout: {{ .Values.defaultSettings.replicaFileSyncHttpClientTimeout }}{{ end }}
\ No newline at end of file
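Review bot: every setting in this block is interpolated unquoted, which is fragile for the free-form string values. In `snapshot-data-integrity-cronjob: {{ .Values.defaultSettings.snapshotDataIntegrityCronjob }}` a cron expression that begins with `*` is read as a YAML alias, and a value for `mkfs-ext4-parameters` or `storage-network` containing `: ` or ` #` would be split or truncated. Consider piping the string-typed settings through `quote`. The file also ends without a trailing newline.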
diff --git a/charts/longhorn/templates/deployment-driver.yaml b/charts/longhorn/templates/deployment-driver.yaml
new file mode 100644
index 0000000..f162fbf
--- /dev/null
+++ b/charts/longhorn/templates/deployment-driver.yaml
@@ -0,0 +1,118 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: longhorn-driver-deployer
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: longhorn-driver-deployer
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-driver-deployer
+ spec:
+ initContainers:
+ - name: wait-longhorn-manager
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
+ containers:
+ - name: longhorn-driver-deployer
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - longhorn-manager
+ - -d
+ - deploy-driver
+ - --manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}"
+ - --manager-url
+ - http://longhorn-backend:9500/v1
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: SERVICE_ACCOUNT
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.serviceAccountName
+ {{- if .Values.csi.kubeletRootDir }}
+ - name: KUBELET_ROOT_DIR
+ value: {{ .Values.csi.kubeletRootDir }}
+ {{- end }}
+ {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }}
+ - name: CSI_ATTACHER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }}
+ - name: CSI_PROVISIONER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }}
+ - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }}
+ - name: CSI_RESIZER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }}
+ - name: CSI_SNAPSHOTTER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.livenessProbe.repository .Values.image.csi.livenessProbe.tag }}
+ - name: CSI_LIVENESS_PROBE_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.livenessProbe.repository }}:{{ .Values.image.csi.livenessProbe.tag }}"
+ {{- end }}
+ {{- if .Values.csi.attacherReplicaCount }}
+ - name: CSI_ATTACHER_REPLICA_COUNT
+ value: {{ .Values.csi.attacherReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.provisionerReplicaCount }}
+ - name: CSI_PROVISIONER_REPLICA_COUNT
+ value: {{ .Values.csi.provisionerReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.resizerReplicaCount }}
+ - name: CSI_RESIZER_REPLICA_COUNT
+ value: {{ .Values.csi.resizerReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.snapshotterReplicaCount }}
+ - name: CSI_SNAPSHOTTER_REPLICA_COUNT
+ value: {{ .Values.csi.snapshotterReplicaCount | quote }}
+ {{- end }}
+
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornDriver.priorityClass }}
+ priorityClassName: {{ .Values.longhornDriver.priorityClass | quote }}
+ {{- end }}
+ {{- if or .Values.longhornDriver.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornDriver.tolerations }}
+{{ toYaml .Values.longhornDriver.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornDriver.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.longhornDriver.nodeSelector }}
+{{ toYaml .Values.longhornDriver.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ securityContext:
+ runAsUser: 0
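Review bot: the pod-level `securityContext` at the end of this template sets `runAsUser: 0`, so both the `wait-longhorn-manager` init container and `longhorn-driver-deployer` run as root, while the recovery-backend and webhook Deployments in this patch run as UID 2000. If `deploy-driver` really needs root, say why in a comment; otherwise use a non-root UID and add `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. Separately, the init container's `while` loop has no upper bound and, unlike the main container, sets no `imagePullPolicy`.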
diff --git a/charts/longhorn/templates/deployment-recovery-backend.yaml b/charts/longhorn/templates/deployment-recovery-backend.yaml
new file mode 100644
index 0000000..81c8aba
--- /dev/null
+++ b/charts/longhorn/templates/deployment-recovery-backend.yaml
@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-recovery-backend
+ name: longhorn-recovery-backend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ replicas: {{ .Values.longhornRecoveryBackend.replicas }}
+ selector:
+ matchLabels:
+ app: longhorn-recovery-backend
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-recovery-backend
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - longhorn-recovery-backend
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - name: longhorn-recovery-backend
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ runAsUser: 2000
+ command:
+ - longhorn-manager
+ - recovery-backend
+ - --service-account
+ - longhorn-service-account
+ ports:
+ - containerPort: 9600
+ name: recov-backend
+ readinessProbe:
+ tcpSocket:
+ port: 9600
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornRecoveryBackend.priorityClass }}
+ priorityClassName: {{ .Values.longhornRecoveryBackend.priorityClass | quote }}
+ {{- end }}
+ {{- if or .Values.longhornRecoveryBackend.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornRecoveryBackend.tolerations }}
+{{ toYaml .Values.longhornRecoveryBackend.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornRecoveryBackend.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.longhornRecoveryBackend.nodeSelector }}
+{{ toYaml .Values.longhornRecoveryBackend.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
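Review bot: in the `nodeSelector:` block the Windows-cluster map and `.Values.longhornRecoveryBackend.nodeSelector` are emitted back to back with `toYaml`, so a key present in both renders twice in the same mapping, which YAML parsers either reject or resolve silently. When `windowsCluster.enabled` is true and neither map is set, the template also emits a bare `nodeSelector:` (the same applies to `tolerations:`). Merging the two values before rendering and guarding the header on the merged result being non-empty avoids both. The same pattern is repeated in the other Deployment and Job templates in this patch.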
diff --git a/charts/longhorn/templates/deployment-ui.yaml b/charts/longhorn/templates/deployment-ui.yaml
new file mode 100644
index 0000000..6bad5cd
--- /dev/null
+++ b/charts/longhorn/templates/deployment-ui.yaml
@@ -0,0 +1,114 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ui
+ name: longhorn-ui
+ namespace: {{ include "release_namespace" . }}
+spec:
+ replicas: {{ .Values.longhornUI.replicas }}
+ selector:
+ matchLabels:
+ app: longhorn-ui
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-ui
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - longhorn-ui
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - name: longhorn-ui
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - name : nginx-cache
+ mountPath: /var/cache/nginx/
+ - name : nginx-config
+ mountPath: /var/config/nginx/
+ - name: var-run
+ mountPath: /var/run/
+ ports:
+ - containerPort: 8000
+ name: http
+ env:
+ - name: LONGHORN_MANAGER_IP
+ value: "http://longhorn-backend:9500"
+ - name: LONGHORN_UI_PORT
+ value: "8000"
+ volumes:
+ - emptyDir: {}
+ name: nginx-cache
+ - emptyDir: {}
+ name: nginx-config
+ - emptyDir: {}
+ name: var-run
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornUI.priorityClass }}
+ priorityClassName: {{ .Values.longhornUI.priorityClass | quote }}
+ {{- end }}
+ {{- if or .Values.longhornUI.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornUI.tolerations }}
+{{ toYaml .Values.longhornUI.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornUI.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.longhornUI.nodeSelector }}
+{{ toYaml .Values.longhornUI.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ui
+ {{- if eq .Values.service.ui.type "Rancher-Proxy" }}
+ kubernetes.io/cluster-service: "true"
+ {{- end }}
+ name: longhorn-frontend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ {{- if eq .Values.service.ui.type "Rancher-Proxy" }}
+ type: ClusterIP
+ {{- else }}
+ type: {{ .Values.service.ui.type }}
+ {{- end }}
+ {{- if and .Values.service.ui.loadBalancerIP (eq .Values.service.ui.type "LoadBalancer") }}
+ loadBalancerIP: {{ .Values.service.ui.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.ui.type "LoadBalancer") .Values.service.ui.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.ui.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ selector:
+ app: longhorn-ui
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ {{- if .Values.service.ui.nodePort }}
+ nodePort: {{ .Values.service.ui.nodePort }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
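Review bot: the `longhorn-frontend` Service takes its type straight from `.Values.service.ui.type`, and `loadBalancerSourceRanges` is applied only when set, so with `LoadBalancer` or `NodePort` the UI is served over plain HTTP on port 80 to anything that can reach the load balancer or the nodes. Nothing in this template puts authentication in front of it. Please document that next to `service.ui.type` in values.yaml and consider requiring `loadBalancerSourceRanges` when the type is `LoadBalancer`. The `longhorn-ui` container also has no `securityContext` at all; a non-root UID with `allowPrivilegeEscalation: false` would match what the webhook and recovery-backend containers do.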
diff --git a/charts/longhorn/templates/deployment-webhook.yaml b/charts/longhorn/templates/deployment-webhook.yaml
new file mode 100644
index 0000000..c4d353a
--- /dev/null
+++ b/charts/longhorn/templates/deployment-webhook.yaml
@@ -0,0 +1,166 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-conversion-webhook
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+spec:
+ replicas: {{ .Values.longhornConversionWebhook.replicas }}
+ selector:
+ matchLabels:
+ app: longhorn-conversion-webhook
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-conversion-webhook
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - longhorn-conversion-webhook
+ topologyKey: kubernetes.io/hostname
+ containers:
+ - name: longhorn-conversion-webhook
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ runAsUser: 2000
+ command:
+ - longhorn-manager
+ - conversion-webhook
+ - --service-account
+ - longhorn-service-account
+ ports:
+ - containerPort: 9443
+ name: conversion-wh
+ readinessProbe:
+ tcpSocket:
+ port: 9443
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornConversionWebhook.priorityClass }}
+ priorityClassName: {{ .Values.longhornConversionWebhook.priorityClass | quote }}
+ {{- end }}
+ {{- if or .Values.longhornConversionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornConversionWebhook.tolerations }}
+{{ toYaml .Values.longhornConversionWebhook.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornConversionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.longhornConversionWebhook.nodeSelector }}
+{{ toYaml .Values.longhornConversionWebhook.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-admission-webhook
+ name: longhorn-admission-webhook
+ namespace: {{ include "release_namespace" . }}
+spec:
+ replicas: {{ .Values.longhornAdmissionWebhook.replicas }}
+ selector:
+ matchLabels:
+ app: longhorn-admission-webhook
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-admission-webhook
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - longhorn-admission-webhook
+ topologyKey: kubernetes.io/hostname
+ initContainers:
+ - name: wait-longhorn-conversion-webhook
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done']
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ runAsUser: 2000
+ containers:
+ - name: longhorn-admission-webhook
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ runAsUser: 2000
+ command:
+ - longhorn-manager
+ - admission-webhook
+ - --service-account
+ - longhorn-service-account
+ ports:
+ - containerPort: 9443
+ name: admission-wh
+ readinessProbe:
+ tcpSocket:
+ port: 9443
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornAdmissionWebhook.priorityClass }}
+ priorityClassName: {{ .Values.longhornAdmissionWebhook.priorityClass | quote }}
+ {{- end }}
+ {{- if or .Values.longhornAdmissionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornAdmissionWebhook.tolerations }}
+{{ toYaml .Values.longhornAdmissionWebhook.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornAdmissionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.longhornAdmissionWebhook.nodeSelector }}
+{{ toYaml .Values.longhornAdmissionWebhook.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
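Review bot: the `wait-longhorn-conversion-webhook` init container polls `https://longhorn-conversion-webhook:9443/v1/healthz` with `curl -k`, which skips certificate verification, and it loops forever if the webhook never returns 200. For a readiness wait that may be acceptable, but please add a comment saying so and bound the loop so that a broken conversion webhook fails the pod instead of hanging it. Both `readinessProbe` entries use `tcpSocket` on 9443 even though the init container shows a `/v1/healthz` endpoint exists; an `httpGet` probe with `scheme: HTTPS` would check more than an open port.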
diff --git a/charts/longhorn/templates/ingress.yaml b/charts/longhorn/templates/ingress.yaml
new file mode 100644
index 0000000..ee47f8b
--- /dev/null
+++ b/charts/longhorn/templates/ingress.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.ingress.enabled }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: longhorn-ingress
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ingress
+ annotations:
+ {{- if .Values.ingress.secureBackends }}
+ ingress.kubernetes.io/secure-backends: "true"
+ {{- end }}
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: {{ default "" .Values.ingress.path }}
+ {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: ImplementationSpecific
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: longhorn-frontend
+ port:
+ number: 80
+ {{- else }}
+ serviceName: longhorn-frontend
+ servicePort: 80
+ {{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tlsSecret }}
+{{- end }}
+{{- end }}
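Review bot: in the `tls:` block, `secretName: {{ .Values.ingress.tlsSecret }}` is rendered whenever `ingress.tls` is true, even when `tlsSecret` is empty, and `ingress.host` is likewise emitted unquoted and unchecked. Wrapping both in `required` would make a misconfigured release fail at render time instead of producing an Ingress with an empty `secretName`. TLS is also opt-in here, so the default Ingress serves the UI over plain HTTP; that deserves a line in the values documentation. The `ingress.kubernetes.io/secure-backends` annotation key carries no controller prefix, so please confirm which ingress controller is expected to honour it.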
diff --git a/charts/longhorn/templates/postupgrade-job.yaml b/charts/longhorn/templates/postupgrade-job.yaml
new file mode 100644
index 0000000..b9b2eeb
--- /dev/null
+++ b/charts/longhorn/templates/postupgrade-job.yaml
@@ -0,0 +1,58 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ name: longhorn-post-upgrade
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ activeDeadlineSeconds: 900
+ backoffLimit: 1
+ template:
+ metadata:
+ name: longhorn-post-upgrade
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: longhorn-post-upgrade
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - post-upgrade
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ restartPolicy: OnFailure
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.tolerations }}
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
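Review bot: the `longhorn-post-upgrade` container is given `securityContext: privileged: true`, yet the only visible work is `longhorn-manager post-upgrade` run under `longhorn-service-account` with `POD_NAMESPACE` set, which reads like API-only work. If the job needs host access, add a comment naming what it touches; if not, drop `privileged` and run it with a non-root UID as the webhook containers do. No `tolerations`/`nodeSelector` values specific to the job exist either; it silently reuses `.Values.longhornManager.*`, which should be documented.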
diff --git a/charts/longhorn/templates/psp.yaml b/charts/longhorn/templates/psp.yaml
new file mode 100644
index 0000000..a2dfc05
--- /dev/null
+++ b/charts/longhorn/templates/psp.yaml
@@ -0,0 +1,66 @@
+{{- if .Values.enablePSP }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: longhorn-psp
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ requiredDropCapabilities:
+ - NET_RAW
+ allowedCapabilities:
+ - SYS_ADMIN
+ hostNetwork: false
+ hostIPC: false
+ hostPID: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - secret
+ - projected
+ - hostPath
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: longhorn-psp-role
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ namespace: {{ include "release_namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - longhorn-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: longhorn-psp-binding
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ namespace: {{ include "release_namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: longhorn-psp-role
+subjects:
+- kind: ServiceAccount
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
+- kind: ServiceAccount
+ name: default
+ namespace: {{ include "release_namespace" . }}
+{{- end }}
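Review bot: the `longhorn-psp-binding` RoleBinding lists the namespace's `default` ServiceAccount as a subject alongside `longhorn-service-account`, so any pod created in the release namespace without an explicit service account may use a policy that allows `privileged: true`, `SYS_ADMIN`, `hostPID: true` and unrestricted `hostPath` volumes. Unless a Longhorn component is known to run as `default`, remove that subject; if one does, give it a dedicated ServiceAccount instead. The policy could also be narrowed with `allowedHostPaths`. Note that `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25, so `enablePSP: true` should be gated on the API being available.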
diff --git a/charts/longhorn/templates/registry-secret.yaml b/charts/longhorn/templates/registry-secret.yaml
new file mode 100644
index 0000000..3c6b1dc
--- /dev/null
+++ b/charts/longhorn/templates/registry-secret.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.privateRegistry.createSecret }}
+{{- if .Values.privateRegistry.registrySecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.privateRegistry.registrySecret }}
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "secret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
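Review bot: `.dockerconfigjson: {{ template "secret" . }}` sits under `data:`, so the `secret` helper (not part of this hunk) must return base64-encoded content; please confirm it does, or switch to `stringData:`. Because the credentials arrive through chart values, they are also stored in the Helm release record, so the values documentation should recommend leaving `privateRegistry.createSecret` off and pointing `registrySecret` at a pre-created Secret. The name is rendered unquoted and the file has no trailing newline.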
diff --git a/charts/longhorn/templates/serviceaccount.yaml b/charts/longhorn/templates/serviceaccount.yaml
new file mode 100644
index 0000000..a563d68
--- /dev/null
+++ b/charts/longhorn/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: longhorn-support-bundle
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
\ No newline at end of file
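Review bot: both ServiceAccounts render the same `.Values.serviceAccount.annotations` block, so an annotation that grants cloud identity to `longhorn-service-account` is applied to `longhorn-support-bundle` as well. These accounts serve different purposes and should be annotated independently, for example with a separate values key for the support-bundle account that defaults to empty. The file also lacks a trailing newline.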
diff --git a/charts/longhorn/templates/services.yaml b/charts/longhorn/templates/services.yaml
new file mode 100644
index 0000000..cd008db
--- /dev/null
+++ b/charts/longhorn/templates/services.yaml
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-conversion-webhook
+ name: longhorn-conversion-webhook
+ namespace: {{ include "release_namespace" . }}
+spec:
+ type: ClusterIP
+ sessionAffinity: ClientIP
+ selector:
+ app: longhorn-conversion-webhook
+ ports:
+ - name: conversion-webhook
+ port: 9443
+ targetPort: conversion-wh
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-admission-webhook
+ name: longhorn-admission-webhook
+ namespace: {{ include "release_namespace" . }}
+spec:
+ type: ClusterIP
+ sessionAffinity: ClientIP
+ selector:
+ app: longhorn-admission-webhook
+ ports:
+ - name: admission-webhook
+ port: 9443
+ targetPort: admission-wh
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-recovery-backend
+ name: longhorn-recovery-backend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ type: ClusterIP
+ sessionAffinity: ClientIP
+ selector:
+ app: longhorn-recovery-backend
+ ports:
+ - name: recovery-backend
+ port: 9600
+ targetPort: recov-backend
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ name: longhorn-engine-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ clusterIP: None
+ selector:
+ longhorn.io/component: instance-manager
+ longhorn.io/instance-manager-type: engine
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ name: longhorn-replica-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ clusterIP: None
+ selector:
+ longhorn.io/component: instance-manager
+ longhorn.io/instance-manager-type: replica
diff --git a/charts/longhorn/templates/storageclass.yaml b/charts/longhorn/templates/storageclass.yaml
new file mode 100644
index 0000000..6832517
--- /dev/null
+++ b/charts/longhorn/templates/storageclass.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: longhorn-storageclass
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+data:
+ storageclass.yaml: |
+ kind: StorageClass
+ apiVersion: storage.k8s.io/v1
+ metadata:
+ name: longhorn
+ annotations:
+ storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }}
+ provisioner: driver.longhorn.io
+ allowVolumeExpansion: true
+ reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}"
+ volumeBindingMode: Immediate
+ parameters:
+ numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}"
+ staleReplicaTimeout: "30"
+ fromBackup: ""
+ {{- if .Values.persistence.defaultFsType }}
+ fsType: "{{ .Values.persistence.defaultFsType }}"
+ {{- end }}
+ {{- if .Values.persistence.defaultMkfsParams }}
+ mkfsParams: "{{ .Values.persistence.defaultMkfsParams }}"
+ {{- end }}
+ {{- if .Values.persistence.migratable }}
+ migratable: "{{ .Values.persistence.migratable }}"
+ {{- end }}
+ {{- if .Values.persistence.backingImage.enable }}
+ backingImage: {{ .Values.persistence.backingImage.name }}
+ backingImageDataSourceType: {{ .Values.persistence.backingImage.dataSourceType }}
+ backingImageDataSourceParameters: {{ .Values.persistence.backingImage.dataSourceParameters }}
+ backingImageChecksum: {{ .Values.persistence.backingImage.expectedChecksum }}
+ {{- end }}
+ {{- if .Values.persistence.recurringJobSelector.enable }}
+ recurringJobSelector: '{{ .Values.persistence.recurringJobSelector.jobList }}'
+ {{- end }}
+ dataLocality: {{ .Values.persistence.defaultDataLocality | quote }}
+ {{- if .Values.persistence.defaultNodeSelector.enable }}
+ nodeSelector: "{{ .Values.persistence.defaultNodeSelector.selector }}"
+ {{- end }}
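Review bot: the four `backingImage*` parameters are rendered unquoted, unlike the other entries under `parameters:`. StorageClass parameters are string-valued, so an `expectedChecksum` made only of digits, or a `dataSourceParameters` value containing braces or colons, will be parsed as a non-string or break the embedded YAML; pipe these through `quote` as `dataLocality` already does. The same applies to the values wrapped in literal double quotes (`"{{ ... }}"`), which break if the value itself contains a double quote. Note also that `recurringJobSelector.jobList` and `defaultNodeSelector.selector` default to lists in values.yaml, and a list interpolated into a quoted string comes out in Go's formatting rather than as JSON or a comma-separated string; either document the expected string form or convert explicitly.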
diff --git a/charts/longhorn/templates/tls-secrets.yaml b/charts/longhorn/templates/tls-secrets.yaml
new file mode 100644
index 0000000..74c4342
--- /dev/null
+++ b/charts/longhorn/templates/tls-secrets.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "release_namespace" $ }}
+ labels: {{- include "longhorn.labels" $ | nindent 4 }}
+ app: longhorn
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
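Review bot: `tls.key: {{ .key | b64enc }}` takes the private key from chart values, so the key sits in plain text in whatever values file or `--set` argument supplies it and is stored again with the Helm release. Prefer pointing `ingress.tlsSecret` at a Secret created outside the chart (the values.yaml comments already mention this option) and document this template as a convenience for test setups only. There is also no `required` guard on `.name`, `.certificate` or `.key`, so an incomplete entry in `ingress.secrets` produces an unhelpful template error or an unusable `kubernetes.io/tls` Secret instead of a clear message.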
diff --git a/charts/longhorn/templates/uninstall-job.yaml b/charts/longhorn/templates/uninstall-job.yaml
new file mode 100644
index 0000000..989933d
--- /dev/null
+++ b/charts/longhorn/templates/uninstall-job.yaml
@@ -0,0 +1,59 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ name: longhorn-uninstall
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ activeDeadlineSeconds: 900
+ backoffLimit: 1
+ template:
+ metadata:
+ name: longhorn-uninstall
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: longhorn-uninstall
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - uninstall
+ - --force
+ env:
+ - name: LONGHORN_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ restartPolicy: Never
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }}
+ tolerations:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }}
+{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.tolerations }}
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }}
+ nodeSelector:
+ {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }}
+{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if or .Values.longhornManager.nodeSelector }}
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- end }}
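Review bot: `{{- if or .Values.longhornManager.nodeSelector }}` in the nodeSelector block calls `or` with a single argument; it should be a plain `if`, matching the equivalent check in the tolerations block above it. Separately, this pre-delete hook runs `longhorn-manager uninstall --force` with `privileged: true` under `longhorn-service-account`, and every `helm uninstall` triggers it. Please add a comment stating why the container needs to be privileged, or drop the setting if the uninstall only talks to the API server.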
diff --git a/charts/longhorn/templates/validate-psp-install.yaml b/charts/longhorn/templates/validate-psp-install.yaml
new file mode 100644
index 0000000..0df98e3
--- /dev/null
+++ b/charts/longhorn/templates/validate-psp-install.yaml
@@ -0,0 +1,7 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+#{{- if .Values.enablePSP }}
+#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}
+#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}}
+#{{- end }}
+#{{- end }}
+#{{- end }}
\ No newline at end of file
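Review bot: the leading `#` on each line does not disable this check. Helm evaluates the `{{ }}` actions before the result is parsed as YAML, so the `fail` still fires when `enablePSP` is true and the cluster lacks `policy/v1beta1/PodSecurityPolicy`; the `#` only turns any leftover output into a comment. If that is the intent, add a template comment saying so and explaining the `lookup` guard on the first line. If the check was meant to be switched off, wrap it in `{{/* ... */}}` instead.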
diff --git a/charts/longhorn/values.yaml b/charts/longhorn/values.yaml
new file mode 100644
index 0000000..3ded6cd
--- /dev/null
+++ b/charts/longhorn/values.yaml
@@ -0,0 +1,332 @@
+# Default values for longhorn.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ windowsCluster:
+ # Enable this to allow Longhorn to run on the Rancher deployed Windows cluster
+ enabled: false
+ # Tolerate Linux node taint
+ tolerations:
+ - key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+ # Select Linux nodes
+ nodeSelector:
+ kubernetes.io/os: "linux"
+ # Recognize toleration and node selector for Longhorn run-time created components
+ defaultSetting:
+ taintToleration: cattle.io/os=linux:NoSchedule
+ systemManagedComponentsNodeSelector: kubernetes.io/os:linux
+
+image:
+ longhorn:
+ engine:
+ repository: longhornio/longhorn-engine
+ tag: v1.4.1
+ manager:
+ repository: longhornio/longhorn-manager
+ tag: v1.4.1
+ ui:
+ repository: longhornio/longhorn-ui
+ tag: v1.4.1
+ instanceManager:
+ repository: longhornio/longhorn-instance-manager
+ tag: v1.4.1
+ shareManager:
+ repository: longhornio/longhorn-share-manager
+ tag: v1.4.1
+ backingImageManager:
+ repository: longhornio/backing-image-manager
+ tag: v1.4.1
+ supportBundleKit:
+ repository: longhornio/support-bundle-kit
+ tag: v0.0.19
+ csi:
+ attacher:
+ repository: longhornio/csi-attacher
+ tag: v3.4.0
+ provisioner:
+ repository: longhornio/csi-provisioner
+ tag: v2.1.2
+ nodeDriverRegistrar:
+ repository: longhornio/csi-node-driver-registrar
+ tag: v2.5.0
+ resizer:
+ repository: longhornio/csi-resizer
+ tag: v1.3.0
+ snapshotter:
+ repository: longhornio/csi-snapshotter
+ tag: v5.0.1
+ livenessProbe:
+ repository: longhornio/livenessprobe
+ tag: v2.8.0
+ pullPolicy: IfNotPresent
+
+service:
+ ui:
+ type: ClusterIP
+ nodePort: null
+ manager:
+ type: ClusterIP
+ nodePort: ""
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: ""
+
+persistence:
+ defaultClass: true
+ defaultFsType: ext4
+ defaultMkfsParams: ""
+ defaultClassReplicaCount: 3
+ defaultDataLocality: disabled # best-effort otherwise
+ reclaimPolicy: Delete
+ migratable: false
+ recurringJobSelector:
+ enable: false
+ jobList: []
+ backingImage:
+ enable: false
+ name: ~
+ dataSourceType: ~
+ dataSourceParameters: ~
+ expectedChecksum: ~
+ defaultNodeSelector:
+ enable: false # disable by default
+ selector: []
+ removeSnapshotsDuringFilesystemTrim: ignored # "enabled" or "disabled" otherwise
+
+csi:
+ kubeletRootDir: ~
+ attacherReplicaCount: ~
+ provisionerReplicaCount: ~
+ resizerReplicaCount: ~
+ snapshotterReplicaCount: ~
+
+defaultSettings:
+ backupTarget: ~
+ backupTargetCredentialSecret: ~
+ allowRecurringJobWhileVolumeDetached: ~
+ createDefaultDiskLabeledNodes: ~
+ defaultDataPath: ~
+ defaultDataLocality: ~
+ replicaSoftAntiAffinity: ~
+ replicaAutoBalance: ~
+ storageOverProvisioningPercentage: ~
+ storageMinimalAvailablePercentage: ~
+ upgradeChecker: ~
+ defaultReplicaCount: ~
+ defaultLonghornStaticStorageClass: ~
+ backupstorePollInterval: ~
+ failedBackupTTL: ~
+ restoreVolumeRecurringJobs: ~
+ recurringSuccessfulJobsHistoryLimit: ~
+ recurringFailedJobsHistoryLimit: ~
+ supportBundleFailedHistoryLimit: ~
+ taintToleration: ~
+ systemManagedComponentsNodeSelector: ~
+ priorityClass: ~
+ autoSalvage: ~
+ autoDeletePodWhenVolumeDetachedUnexpectedly: ~
+ disableSchedulingOnCordonedNode: ~
+ replicaZoneSoftAntiAffinity: ~
+ nodeDownPodDeletionPolicy: ~
+ allowNodeDrainWithLastHealthyReplica: ~
+ mkfsExt4Parameters: ~
+ disableReplicaRebuild: ~
+ replicaReplenishmentWaitInterval: ~
+ concurrentReplicaRebuildPerNodeLimit: ~
+ concurrentVolumeBackupRestorePerNodeLimit: ~
+ disableRevisionCounter: ~
+ systemManagedPodsImagePullPolicy: ~
+ allowVolumeCreationWithDegradedAvailability: ~
+ autoCleanupSystemGeneratedSnapshot: ~
+ concurrentAutomaticEngineUpgradePerNodeLimit: ~
+ backingImageCleanupWaitInterval: ~
+ backingImageRecoveryWaitInterval: ~
+ guaranteedEngineManagerCPU: ~
+ guaranteedReplicaManagerCPU: ~
+ kubernetesClusterAutoscalerEnabled: ~
+ orphanAutoDeletion: ~
+ storageNetwork: ~
+ deletingConfirmationFlag: ~
+ engineReplicaTimeout: ~
+ snapshotDataIntegrity: ~
+ snapshotDataIntegrityImmediateCheckAfterSnapshotCreation: ~
+ snapshotDataIntegrityCronjob: ~
+ removeSnapshotsDuringFilesystemTrim: ~
+ fastReplicaRebuildEnabled: ~
+ replicaFileSyncHttpClientTimeout: ~
+privateRegistry:
+ createSecret: ~
+ registryUrl: ~
+ registryUser: ~
+ registryPasswd: ~
+ registrySecret: ~
+
+longhornManager:
+ log:
+ ## Allowed values are `plain` or `json`.
+ format: plain
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+ serviceAnnotations: {}
+ ## If you want to set annotations for the Longhorn Manager service, delete the `{}` in the line above
+ ## and uncomment this example block
+ # annotation-key1: "annotation-value1"
+ # annotation-key2: "annotation-value2"
+
+longhornDriver:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+longhornUI:
+ replicas: 2
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+longhornConversionWebhook:
+ replicas: 2
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn conversion webhook Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn conversion webhook Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+longhornAdmissionWebhook:
+ replicas: 2
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn admission webhook Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn admission webhook Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+longhornRecoveryBackend:
+ replicas: 2
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn recovery backend Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn recovery backend Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+ingress:
+ ## Set to true to enable ingress record generation
+ enabled: false
+
+ ## Add ingressClassName to the Ingress
+ ## Can replace the kubernetes.io/ingress.class annotation on v1.18+
+ ingressClassName: ~
+
+ host: sslip.io
+
+ ## Set this to true in order to enable TLS on the ingress record
+ tls: false
+
+ ## Enable this in order to enable that the backend service will be connected at port 443
+ secureBackends: false
+
+ ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+ tlsSecret: longhorn.local-tls
+
+ ## If ingress is enabled you can set the default ingress path
+ ## then you can access the UI by using the following full path {{host}}+{{path}}
+ path: /
+
+ ## Ingress annotations done as key:value pairs
+ ## If you're using kube-lego, you will want to add:
+ ## kubernetes.io/tls-acme: true
+ ##
+ ## For a full list of possible ingress annotations, please see
+ ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md
+ ##
+ ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+ annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: true
+
+ secrets:
+ ## If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ # - name: longhorn.local-tls
+ # key:
+ # certificate:
+
+# For Kubernetes < v1.25, if your cluster enables Pod Security Policy admission controller,
+# set this to `true` to ship longhorn-psp which allow privileged Longhorn pods to start
+enablePSP: false
+
+## Specify override namespace, specifically this is useful for using longhorn as sub-chart
+## and its release namespace is not the `longhorn-system`
+namespaceOverride: ""
+
+# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional.
+annotations: {}
+
+serviceAccount:
+ # Annotations to add to the service account
+ annotations: {}
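Review bot: `privateRegistry.registryPasswd` invites putting a registry credential in plain text in a values file, where it ends up in version control and in the stored release. `registrySecret` already exists next to it; document that as the preferred path and mark `createSecret`/`registryUser`/`registryPasswd` as a fallback. Under `ingress`, the defaults `host: sslip.io` and `tls: false` mean that setting `enabled: true` alone publishes the UI over plain HTTP on a placeholder hostname; consider an empty `host` so that enabling ingress forces an explicit choice. The image entries are pinned by tag only; a comment on whether digests are supported would help anyone who needs immutable references.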
diff --git a/charts/metallb-config/.helmignore b/charts/metallb-config/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/metallb-config/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/metallb-config/Chart.yaml b/charts/metallb-config/Chart.yaml
new file mode 100644
index 0000000..5200ea8
--- /dev/null
+++ b/charts/metallb-config/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: metallb-config
+description: A Helm chart to configure Metallb for PCloud
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/metallb-config/templates/ip-address-pool.yaml b/charts/metallb-config/templates/ip-address-pool.yaml
new file mode 100644
index 0000000..626d481
--- /dev/null
+++ b/charts/metallb-config/templates/ip-address-pool.yaml
@@ -0,0 +1,17 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: local
+ namespace: {{ .Release.Namespace }}
+spec:
+ addresses:
+ - {{ .Values.from }}-{{ .Values.to }}
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: l2-advertisement
+ namespace: metallb-system
+spec:
+ ipAddressPools:
+ - local
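Review bot: the `IPAddressPool` is created in `{{ .Release.Namespace }}` while the `L2Advertisement` hard-codes `namespace: metallb-system`. If the release is installed into any other namespace, the advertisement's `ipAddressPools: [local]` reference points at a pool that lives elsewhere. Use the same namespace expression for both objects. The address line `{{ .Values.from }}-{{ .Values.to }}` is also rendered without any check, so a missing or swapped value produces a malformed range; a `required` on both keys would surface that at render time.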
diff --git a/charts/metallb-config/values.yaml b/charts/metallb-config/values.yaml
new file mode 100644
index 0000000..1a5f4fe
--- /dev/null
+++ b/charts/metallb-config/values.yaml
@@ -0,0 +1,2 @@
+from: 192.168.0.200
+to: 192.168.0.250
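Review bot: `from` and `to` are undocumented top-level keys with a site-specific default range. Add comments stating that they are the first and last address of the MetalLB pool, and consider shipping them empty so an install fails at render time instead of announcing addresses on a network where this range has not been reserved.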
diff --git a/charts/metallb/.helmignore b/charts/metallb/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/metallb/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/metallb/Chart.yaml b/charts/metallb/Chart.yaml
new file mode 100644
index 0000000..76e774d
--- /dev/null
+++ b/charts/metallb/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+appVersion: v0.13.7
+description: A network load-balancer implementation for Kubernetes using standard
+ routing protocols
+home: https://metallb.universe.tf
+icon: https://metallb.universe.tf/images/logo/metallb-white.png
+name: metallb
+sources:
+- https://github.com/metallb/metallb
+type: application
+version: 0.13.7
diff --git a/charts/metallb/README.md b/charts/metallb/README.md
new file mode 100644
index 0000000..25cb5d4
--- /dev/null
+++ b/charts/metallb/README.md
@@ -0,0 +1,148 @@
+# metallb
+
+  
+
+A network load-balancer implementation for Kubernetes using standard routing protocols
+
+**Homepage:** <https://metallb.universe.tf>
+
+## Source Code
+
+* <https://github.com/metallb/metallb>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| | crds | 0.0.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| controller.affinity | object | `{}` | |
+| controller.enabled | bool | `true` | |
+| controller.image.pullPolicy | string | `nil` | |
+| controller.image.repository | string | `"quay.io/metallb/controller"` | |
+| controller.image.tag | string | `nil` | |
+| controller.livenessProbe.enabled | bool | `true` | |
+| controller.livenessProbe.failureThreshold | int | `3` | |
+| controller.livenessProbe.initialDelaySeconds | int | `10` | |
+| controller.livenessProbe.periodSeconds | int | `10` | |
+| controller.livenessProbe.successThreshold | int | `1` | |
+| controller.livenessProbe.timeoutSeconds | int | `1` | |
+| controller.logLevel | string | `"info"` | Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` |
+| controller.nodeSelector | object | `{}` | |
+| controller.podAnnotations | object | `{}` | |
+| controller.priorityClassName | string | `""` | |
+| controller.readinessProbe.enabled | bool | `true` | |
+| controller.readinessProbe.failureThreshold | int | `3` | |
+| controller.readinessProbe.initialDelaySeconds | int | `10` | |
+| controller.readinessProbe.periodSeconds | int | `10` | |
+| controller.readinessProbe.successThreshold | int | `1` | |
+| controller.readinessProbe.timeoutSeconds | int | `1` | |
+| controller.resources | object | `{}` | |
+| controller.runtimeClassName | string | `""` | |
+| controller.securityContext.fsGroup | int | `65534` | |
+| controller.securityContext.runAsNonRoot | bool | `true` | |
+| controller.securityContext.runAsUser | int | `65534` | |
+| controller.serviceAccount.annotations | object | `{}` | |
+| controller.serviceAccount.create | bool | `true` | |
+| controller.serviceAccount.name | string | `""` | |
+| controller.strategy.type | string | `"RollingUpdate"` | |
+| controller.tolerations | list | `[]` | |
+| crds.enabled | bool | `true` | |
+| crds.validationFailurePolicy | string | `"Fail"` | |
+| fullnameOverride | string | `""` | |
+| imagePullSecrets | list | `[]` | |
+| loadBalancerClass | string | `""` | |
+| nameOverride | string | `""` | |
+| prometheus.controllerMetricsTLSSecret | string | `""` | |
+| prometheus.metricsPort | int | `7472` | |
+| prometheus.namespace | string | `""` | |
+| prometheus.podMonitor.additionalLabels | object | `{}` | |
+| prometheus.podMonitor.annotations | object | `{}` | |
+| prometheus.podMonitor.enabled | bool | `false` | |
+| prometheus.podMonitor.interval | string | `nil` | |
+| prometheus.podMonitor.jobLabel | string | `"app.kubernetes.io/name"` | |
+| prometheus.podMonitor.metricRelabelings | list | `[]` | |
+| prometheus.podMonitor.relabelings | list | `[]` | |
+| prometheus.prometheusRule.additionalLabels | object | `{}` | |
+| prometheus.prometheusRule.addressPoolExhausted.enabled | bool | `true` | |
+| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"alert"` | |
+| prometheus.prometheusRule.addressPoolUsage.enabled | bool | `true` | |
+| prometheus.prometheusRule.addressPoolUsage.thresholds[0].labels.severity | string | `"warning"` | |
+| prometheus.prometheusRule.addressPoolUsage.thresholds[0].percent | int | `75` | |
+| prometheus.prometheusRule.addressPoolUsage.thresholds[1].labels.severity | string | `"warning"` | |
+| prometheus.prometheusRule.addressPoolUsage.thresholds[1].percent | int | `85` | |
+| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"alert"` | |
+| prometheus.prometheusRule.addressPoolUsage.thresholds[2].percent | int | `95` | |
+| prometheus.prometheusRule.annotations | object | `{}` | |
+| prometheus.prometheusRule.bgpSessionDown.enabled | bool | `true` | |
+| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"alert"` | |
+| prometheus.prometheusRule.configNotLoaded.enabled | bool | `true` | |
+| prometheus.prometheusRule.configNotLoaded.labels.severity | string | `"warning"` | |
+| prometheus.prometheusRule.enabled | bool | `false` | |
+| prometheus.prometheusRule.extraAlerts | list | `[]` | |
+| prometheus.prometheusRule.staleConfig.enabled | bool | `true` | |
+| prometheus.prometheusRule.staleConfig.labels.severity | string | `"warning"` | |
+| prometheus.rbacPrometheus | bool | `true` | |
+| prometheus.rbacProxy.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | |
+| prometheus.rbacProxy.tag | string | `"v0.12.0"` | |
+| prometheus.scrapeAnnotations | bool | `false` | |
+| prometheus.serviceAccount | string | `""` | |
+| prometheus.serviceMonitor.controller.additionalLabels | object | `{}` | |
+| prometheus.serviceMonitor.controller.annotations | object | `{}` | |
+| prometheus.serviceMonitor.controller.tlsConfig.insecureSkipVerify | bool | `true` | |
+| prometheus.serviceMonitor.enabled | bool | `false` | |
+| prometheus.serviceMonitor.interval | string | `nil` | |
+| prometheus.serviceMonitor.jobLabel | string | `"app.kubernetes.io/name"` | |
+| prometheus.serviceMonitor.metricRelabelings | list | `[]` | |
+| prometheus.serviceMonitor.relabelings | list | `[]` | |
+| prometheus.serviceMonitor.speaker.additionalLabels | object | `{}` | |
+| prometheus.serviceMonitor.speaker.annotations | object | `{}` | |
+| prometheus.serviceMonitor.speaker.tlsConfig.insecureSkipVerify | bool | `true` | |
+| prometheus.speakerMetricsTLSSecret | string | `""` | |
+| rbac.create | bool | `true` | |
+| speaker.affinity | object | `{}` | |
+| speaker.enabled | bool | `true` | |
+| speaker.frr.enabled | bool | `false` | |
+| speaker.frr.image.pullPolicy | string | `nil` | |
+| speaker.frr.image.repository | string | `"frrouting/frr"` | |
+| speaker.frr.image.tag | string | `"v7.5.1"` | |
+| speaker.frr.metricsPort | int | `7473` | |
+| speaker.frr.resources | object | `{}` | |
+| speaker.frrMetrics.resources | object | `{}` | |
+| speaker.image.pullPolicy | string | `nil` | |
+| speaker.image.repository | string | `"quay.io/metallb/speaker"` | |
+| speaker.image.tag | string | `nil` | |
+| speaker.livenessProbe.enabled | bool | `true` | |
+| speaker.livenessProbe.failureThreshold | int | `3` | |
+| speaker.livenessProbe.initialDelaySeconds | int | `10` | |
+| speaker.livenessProbe.periodSeconds | int | `10` | |
+| speaker.livenessProbe.successThreshold | int | `1` | |
+| speaker.livenessProbe.timeoutSeconds | int | `1` | |
+| speaker.logLevel | string | `"info"` | Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` |
+| speaker.memberlist.enabled | bool | `true` | |
+| speaker.memberlist.mlBindPort | int | `7946` | |
+| speaker.nodeSelector | object | `{}` | |
+| speaker.podAnnotations | object | `{}` | |
+| speaker.priorityClassName | string | `""` | |
+| speaker.readinessProbe.enabled | bool | `true` | |
+| speaker.readinessProbe.failureThreshold | int | `3` | |
+| speaker.readinessProbe.initialDelaySeconds | int | `10` | |
+| speaker.readinessProbe.periodSeconds | int | `10` | |
+| speaker.readinessProbe.successThreshold | int | `1` | |
+| speaker.readinessProbe.timeoutSeconds | int | `1` | |
+| speaker.reloader.resources | object | `{}` | |
+| speaker.resources | object | `{}` | |
+| speaker.runtimeClassName | string | `""` | |
+| speaker.serviceAccount.annotations | object | `{}` | |
+| speaker.serviceAccount.create | bool | `true` | |
+| speaker.serviceAccount.name | string | `""` | |
+| speaker.tolerateMaster | bool | `true` | |
+| speaker.tolerations | list | `[]` | |
+| speaker.updateStrategy.type | string | `"RollingUpdate"` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
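Review bot: the Requirements table lists a `crds` dependency at version 0.0.0, but the Chart.yaml added in this same change declares no `dependencies`, and the template added next is a single 4001-line `templates/manifest.yaml` that hard-codes `namespace: metallb-system`. If that manifest is static, none of the keys in the Values table have any effect and this README describes a different chart; regenerate it for what is actually shipped or drop it. Should these values be wired up later, note that `prometheus.serviceMonitor.controller.tlsConfig.insecureSkipVerify` and the matching `speaker` key default to `true` and have no description explaining why certificate verification is off.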
diff --git a/charts/metallb/templates/manifest.yaml b/charts/metallb/templates/manifest.yaml
new file mode 100644
index 0000000..bbcf54e
--- /dev/null
+++ b/charts/metallb/templates/manifest.yaml
@@ -0,0 +1,4001 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ name: addresspools.metallb.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: 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
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /convert
+ conversionReviewVersions:
+ - v1alpha1
+ - v1beta1
+ group: metallb.io
+ names:
+ kind: AddressPool
+ listKind: AddressPoolList
+ plural: addresspools
+ singular: addresspool
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: AddressPool is the Schema for the addresspools API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AddressPoolSpec defines the desired state of AddressPool.
+ properties:
+ addresses:
+ description: A list of IP address ranges over which MetalLB has authority.
+ You can list multiple ranges in a single pool, they will all share
+ the same settings. Each range can be either a CIDR prefix, or an
+ explicit start-end range of IPs.
+ items:
+ type: string
+ type: array
+ autoAssign:
+ default: true
+ description: AutoAssign flag used to prevent MetallB from automatic
+ allocation for a pool.
+ type: boolean
+ bgpAdvertisements:
+ description: When an IP is allocated from this pool, how should it
+ be translated into BGP announcements?
+ items:
+ properties:
+ aggregationLength:
+ default: 32
+ description: The aggregation-length advertisement option lets
+ you “roll up” the /32s into a larger prefix.
+ format: int32
+ minimum: 1
+ type: integer
+ aggregationLengthV6:
+ default: 128
+ description: Optional, defaults to 128 (i.e. no aggregation)
+ if not specified.
+ format: int32
+ type: integer
+ communities:
+ description: BGP communities
+ items:
+ type: string
+ type: array
+ localPref:
+ description: BGP LOCAL_PREF attribute which is used by BGP best
+ path algorithm, Path with higher localpref is preferred over
+ one with lower localpref.
+ format: int32
+ type: integer
+ type: object
+ type: array
+ protocol:
+ description: Protocol can be used to select how the announcement is
+ done.
+ enum:
+ - layer2
+ - bgp
+ type: string
+ required:
+ - addresses
+ - protocol
+ type: object
+ status:
+ description: AddressPoolStatus defines the observed state of AddressPool.
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - deprecated: true
+ deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using
+ IPAddressPool
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: AddressPool represents a pool of IP addresses that can be allocated
+ to LoadBalancer services. AddressPool is deprecated and being replaced by
+ IPAddressPool.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AddressPoolSpec defines the desired state of AddressPool.
+ properties:
+ addresses:
+ description: A list of IP address ranges over which MetalLB has authority.
+ You can list multiple ranges in a single pool, they will all share
+ the same settings. Each range can be either a CIDR prefix, or an
+ explicit start-end range of IPs.
+ items:
+ type: string
+ type: array
+ autoAssign:
+ default: true
+ description: AutoAssign flag used to prevent MetallB from automatic
+ allocation for a pool.
+ type: boolean
+ bgpAdvertisements:
+ description: Drives how an IP allocated from this pool should translated
+ into BGP announcements.
+ items:
+ properties:
+ aggregationLength:
+ default: 32
+ description: The aggregation-length advertisement option lets
+ you “roll up” the /32s into a larger prefix.
+ format: int32
+ minimum: 1
+ type: integer
+ aggregationLengthV6:
+ default: 128
+ description: Optional, defaults to 128 (i.e. no aggregation)
+ if not specified.
+ format: int32
+ type: integer
+ communities:
+ description: BGP communities to be associated with the given
+ advertisement.
+ items:
+ type: string
+ type: array
+ localPref:
+ description: BGP LOCAL_PREF attribute which is used by BGP best
+ path algorithm, Path with higher localpref is preferred over
+ one with lower localpref.
+ format: int32
+ type: integer
+ type: object
+ type: array
+ protocol:
+ description: Protocol can be used to select how the announcement is
+ done.
+ enum:
+ - layer2
+ - bgp
+ type: string
+ required:
+ - addresses
+ - protocol
+ type: object
+ status:
+ description: AddressPoolStatus defines the observed state of AddressPool.
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: bfdprofiles.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: BFDProfile
+ listKind: BFDProfileList
+ plural: bfdprofiles
+ singular: bfdprofile
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.passiveMode
+ name: Passive Mode
+ type: boolean
+ - jsonPath: .spec.transmitInterval
+ name: Transmit Interval
+ type: integer
+ - jsonPath: .spec.receiveInterval
+ name: Receive Interval
+ type: integer
+ - jsonPath: .spec.detectMultiplier
+ name: Multiplier
+ type: integer
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BFDProfile represents the settings of the bfd session that can
+ be optionally associated with a BGP session.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BFDProfileSpec defines the desired state of BFDProfile.
+ properties:
+ detectMultiplier:
+ description: Configures the detection multiplier to determine packet
+ loss. The remote transmission interval will be multiplied by this
+ value to determine the connection loss detection timer.
+ format: int32
+ maximum: 255
+ minimum: 2
+ type: integer
+ echoInterval:
+ description: Configures the minimal echo receive transmission interval
+ that this system is capable of handling in milliseconds. Defaults
+ to 50ms
+ format: int32
+ maximum: 60000
+ minimum: 10
+ type: integer
+ echoMode:
+ description: Enables or disables the echo transmission mode. This
+ mode is disabled by default, and not supported on multi hops setups.
+ type: boolean
+ minimumTtl:
+ description: 'For multi hop sessions only: configure the minimum expected
+ TTL for an incoming BFD control packet.'
+ format: int32
+ maximum: 254
+ minimum: 1
+ type: integer
+ passiveMode:
+ description: 'Mark session as passive: a passive session will not
+ attempt to start the connection and will wait for control packets
+ from peer before it begins replying.'
+ type: boolean
+ receiveInterval:
+ description: The minimum interval that this system is capable of receiving
+ control packets in milliseconds. Defaults to 300ms.
+ format: int32
+ maximum: 60000
+ minimum: 10
+ type: integer
+ transmitInterval:
+ description: The minimum transmission interval (less jitter) that
+ this system wants to use to send BFD control packets in milliseconds.
+ Defaults to 300ms
+ format: int32
+ maximum: 60000
+ minimum: 10
+ type: integer
+ type: object
+ status:
+ description: BFDProfileStatus defines the observed state of BFDProfile.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: bgpadvertisements.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: BGPAdvertisement
+ listKind: BGPAdvertisementList
+ plural: bgpadvertisements
+ singular: bgpadvertisement
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.ipAddressPools
+ name: IPAddressPools
+ type: string
+ - jsonPath: .spec.ipAddressPoolSelectors
+ name: IPAddressPool Selectors
+ type: string
+ - jsonPath: .spec.peers
+ name: Peers
+ type: string
+ - jsonPath: .spec.nodeSelectors
+ name: Node Selectors
+ priority: 10
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BGPAdvertisement allows to advertise the IPs coming from the
+ selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement.
+ properties:
+ aggregationLength:
+ default: 32
+ description: The aggregation-length advertisement option lets you
+ “roll up” the /32s into a larger prefix. Defaults to 32. Works for
+ IPv4 addresses.
+ format: int32
+ minimum: 1
+ type: integer
+ aggregationLengthV6:
+ default: 128
+ description: The aggregation-length advertisement option lets you
+ “roll up” the /128s into a larger prefix. Defaults to 128. Works
+ for IPv6 addresses.
+ format: int32
+ type: integer
+ communities:
+ description: The BGP communities to be associated with the announcement.
+ Each item can be a community of the form 1234:1234 or the name of
+ an alias defined in the Community CRD.
+ items:
+ type: string
+ type: array
+ ipAddressPoolSelectors:
+ description: A selector for the IPAddressPools which would get advertised
+ via this advertisement. If no IPAddressPool is selected by this
+ or by the list, the advertisement is applied to all the IPAddressPools.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ ipAddressPools:
+ description: The list of IPAddressPools to advertise via this advertisement,
+ selected by name.
+ items:
+ type: string
+ type: array
+ localPref:
+ description: The BGP LOCAL_PREF attribute which is used by BGP best
+ path algorithm, Path with higher localpref is preferred over one
+ with lower localpref.
+ format: int32
+ type: integer
+ nodeSelectors:
+ description: NodeSelectors allows to limit the nodes to announce as
+ next hops for the LoadBalancer IP. When empty, all the nodes having are
+ announced as next hops.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ peers:
+ description: Peers limits the bgppeer to advertise the ips of the
+ selected pools to. When empty, the loadbalancer IP is announced
+ to all the BGPPeers configured.
+ items:
+ type: string
+ type: array
+ type: object
+ status:
+ description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ name: bgppeers.metallb.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: 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
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /convert
+ conversionReviewVersions:
+ - v1beta1
+ - v1beta2
+ group: metallb.io
+ names:
+ kind: BGPPeer
+ listKind: BGPPeerList
+ plural: bgppeers
+ singular: bgppeer
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.peerAddress
+ name: Address
+ type: string
+ - jsonPath: .spec.peerASN
+ name: ASN
+ type: string
+ - jsonPath: .spec.bfdProfile
+ name: BFD Profile
+ type: string
+ - jsonPath: .spec.ebgpMultiHop
+ name: Multi Hops
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BGPPeer is the Schema for the peers API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPPeerSpec defines the desired state of Peer.
+ properties:
+ bfdProfile:
+ type: string
+ ebgpMultiHop:
+ description: EBGP peer is multi-hops away
+ type: boolean
+ holdTime:
+ description: Requested BGP hold time, per RFC4271.
+ type: string
+ keepaliveTime:
+ description: Requested BGP keepalive time, per RFC4271.
+ type: string
+ myASN:
+ description: AS number to use for the local end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ nodeSelectors:
+ description: Only connect to this peer on nodes that match one of
+ these selectors.
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ minItems: 1
+ type: array
+ required:
+ - key
+ - operator
+ - values
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ type: array
+ password:
+ description: Authentication password for routers enforcing TCP MD5
+ authenticated sessions
+ type: string
+ peerASN:
+ description: AS number to expect from the remote end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ peerAddress:
+ description: Address to dial when establishing the session.
+ type: string
+ peerPort:
+ description: Port to dial when establishing the session.
+ maximum: 16384
+ minimum: 0
+ type: integer
+ routerID:
+ description: BGP router ID to advertise to the peer
+ type: string
+ sourceAddress:
+ description: Source address to use when establishing the session.
+ type: string
+ required:
+ - myASN
+ - peerASN
+ - peerAddress
+ type: object
+ status:
+ description: BGPPeerStatus defines the observed state of Peer.
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.peerAddress
+ name: Address
+ type: string
+ - jsonPath: .spec.peerASN
+ name: ASN
+ type: string
+ - jsonPath: .spec.bfdProfile
+ name: BFD Profile
+ type: string
+ - jsonPath: .spec.ebgpMultiHop
+ name: Multi Hops
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: BGPPeer is the Schema for the peers API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPPeerSpec defines the desired state of Peer.
+ properties:
+ bfdProfile:
+ description: The name of the BFD Profile to be used for the BFD session
+ associated to the BGP session. If not set, the BFD session won't
+ be set up.
+ type: string
+ ebgpMultiHop:
+ description: To set if the BGPPeer is multi-hops away. Needed for
+ FRR mode only.
+ type: boolean
+ holdTime:
+ description: Requested BGP hold time, per RFC4271.
+ type: string
+ keepaliveTime:
+ description: Requested BGP keepalive time, per RFC4271.
+ type: string
+ myASN:
+ description: AS number to use for the local end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ nodeSelectors:
+ description: Only connect to this peer on nodes that match one of
+ these selectors.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ password:
+ description: Authentication password for routers enforcing TCP MD5
+ authenticated sessions
+ type: string
+ passwordSecret:
+ description: passwordSecret is name of the authentication secret for
+ BGP Peer. the secret must be of type "kubernetes.io/basic-auth",
+ and created in the same namespace as the MetalLB deployment. The
+ password is stored in the secret as the key "password".
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ peerASN:
+ description: AS number to expect from the remote end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ peerAddress:
+ description: Address to dial when establishing the session.
+ type: string
+ peerPort:
+ default: 179
+ description: Port to dial when establishing the session.
+ maximum: 16384
+ minimum: 0
+ type: integer
+ routerID:
+ description: BGP router ID to advertise to the peer
+ type: string
+ sourceAddress:
+ description: Source address to use when establishing the session.
+ type: string
+ vrf:
+ description: To set if we want to peer with the BGPPeer using an interface
+ belonging to a host vrf
+ type: string
+ required:
+ - myASN
+ - peerASN
+ - peerAddress
+ type: object
+ status:
+ description: BGPPeerStatus defines the observed state of Peer.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
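Review bot: In the bgppeers.metallb.io schema, `myASN` and `peerASN` declare `format: int32` together with `maximum: 4294967295`, which is above the int32 limit of 2147483647, so the format and the bound contradict each other for 4-byte AS numbers; `format: int64`, or no format at all, would agree with the stated maximum. In the same spec, `peerPort` is capped at `maximum: 16384` although TCP ports run to 65535. The `password` field is still a plain string in both v1beta1 and v1beta2, so the TCP MD5 secret is readable by anyone who can read BGPPeer objects; the v1beta2 `passwordSecret` reference is the safer field, and the `password` description should point to it. `passwordSecret` also exposes a `namespace` property while its description requires the secret to live in the same namespace as the MetalLB deployment, which should be reconciled. Finally, the conversion webhook `clientConfig` hard-codes `namespace: metallb-system` and a static `caBundle`, which will not resolve if the chart is installed into a different namespace or the webhook certificate changes.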
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: communities.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: Community
+ listKind: CommunityList
+ plural: communities
+ singular: community
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Community is a collection of aliases for communities. Users can
+ define named aliases to be used in the BGPPeer CRD.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CommunitySpec defines the desired state of Community.
+ properties:
+ communities:
+ items:
+ properties:
+ name:
+ description: The name of the alias for the community.
+ type: string
+ value:
+ description: The BGP community value corresponding to the given
+ name.
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ description: CommunityStatus defines the observed state of Community.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: ipaddresspools.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: IPAddressPool
+ listKind: IPAddressPoolList
+ plural: ipaddresspools
+ singular: ipaddresspool
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.autoAssign
+ name: Auto Assign
+ type: boolean
+ - jsonPath: .spec.avoidBuggyIPs
+ name: Avoid Buggy IPs
+ type: boolean
+ - jsonPath: .spec.addresses
+ name: Addresses
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: IPAddressPool represents a pool of IP addresses that can be allocated
+ to LoadBalancer services.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressPoolSpec defines the desired state of IPAddressPool.
+ properties:
+ addresses:
+ description: A list of IP address ranges over which MetalLB has authority.
+ You can list multiple ranges in a single pool, they will all share
+ the same settings. Each range can be either a CIDR prefix, or an
+ explicit start-end range of IPs.
+ items:
+ type: string
+ type: array
+ autoAssign:
+ default: true
+ description: AutoAssign flag used to prevent MetallB from automatic
+ allocation for a pool.
+ type: boolean
+ avoidBuggyIPs:
+ default: false
+ description: AvoidBuggyIPs prevents addresses ending with .0 and .255
+ to be used by a pool.
+ type: boolean
+ serviceAllocation:
+ description: AllocateTo makes ip pool allocation to specific namespace
+ and/or service. The controller will use the pool with lowest value
+ of priority in case of multiple matches. A pool with no priority
+ set will be used only if the pools with priority can't be used.
+ If multiple matching IPAddressPools are available it will check
+ for the availability of IPs sorting the matching IPAddressPools
+ by priority, starting from the highest to the lowest. If multiple
+ IPAddressPools have the same priority, choice will be random.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors list of label selectors to select
+ namespace(s) for ip pool, an alternative to using namespace
+ list.
+ items:
+ description: A label selector is a label query over a set of
+ resources. The result of matchLabels and matchExpressions
+ are ANDed. An empty label selector matches all objects. A
+ null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ namespaces:
+ description: Namespaces list of namespace(s) on which ip pool
+ can be attached.
+ items:
+ type: string
+ type: array
+ priority:
+ description: Priority priority given for ip pool while ip allocation
+ on a service.
+ type: integer
+ serviceSelectors:
+ description: ServiceSelectors list of label selector to select
+ service(s) for which ip pool can be used for ip allocation.
+ items:
+ description: A label selector is a label query over a set of
+ resources. The result of matchLabels and matchExpressions
+ are ANDed. An empty label selector matches all objects. A
+ null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ required:
+ - addresses
+ type: object
+ status:
+ description: IPAddressPoolStatus defines the observed state of IPAddressPool.
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: l2advertisements.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: L2Advertisement
+ listKind: L2AdvertisementList
+ plural: l2advertisements
+ singular: l2advertisement
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.ipAddressPools
+ name: IPAddressPools
+ type: string
+ - jsonPath: .spec.ipAddressPoolSelectors
+ name: IPAddressPool Selectors
+ type: string
+ - jsonPath: .spec.interfaces
+ name: Interfaces
+ type: string
+ - jsonPath: .spec.nodeSelectors
+ name: Node Selectors
+ priority: 10
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: L2Advertisement allows to advertise the LoadBalancer IPs provided
+ by the selected pools via L2.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: L2AdvertisementSpec defines the desired state of L2Advertisement.
+ properties:
+ interfaces:
+ description: A list of interfaces to announce from. The LB IP will
+ be announced only from these interfaces. If the field is not set,
+ we advertise from all the interfaces on the host.
+ items:
+ type: string
+ type: array
+ ipAddressPoolSelectors:
+ description: A selector for the IPAddressPools which would get advertised
+ via this advertisement. If no IPAddressPool is selected by this
+ or by the list, the advertisement is applied to all the IPAddressPools.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ ipAddressPools:
+ description: The list of IPAddressPools to advertise via this advertisement,
+ selected by name.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ description: NodeSelectors allows to limit the nodes to announce as
+ next hops for the LoadBalancer IP. When empty, all the nodes having are
+ announced as next hops.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ status:
+ description: L2AdvertisementStatus defines the observed state of L2Advertisement.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: metallb
+ name: controller
+ namespace: metallb-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: metallb
+ name: speaker
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: metallb
+ name: controller
+ namespace: metallb-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resourceNames:
+ - memberlist
+ resources:
+ - secrets
+ verbs:
+ - list
+- apiGroups:
+ - apps
+ resourceNames:
+ - controller
+ resources:
+ - deployments
+ verbs:
+ - get
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgppeers
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - metallb.io
+ resources:
+ - addresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bfdprofiles
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - ipaddresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgpadvertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - l2advertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - communities
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: metallb
+ name: pod-lister
+ namespace: metallb-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - addresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bfdprofiles
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgppeers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - l2advertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgpadvertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - ipaddresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - communities
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - policy
+ resourceNames:
+ - controller
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - metallb-webhook-configuration
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resourceNames:
+ - addresspools.metallb.io
+ - bfdprofiles.metallb.io
+ - bgpadvertisements.metallb.io
+ - bgppeers.metallb.io
+ - ipaddresspools.metallb.io
+ - l2advertisements.metallb.io
+ - communities.metallb.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:speaker
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - nodes
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - policy
+ resourceNames:
+ - speaker
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: controller
+ namespace: metallb-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: controller
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: pod-lister
+ namespace: metallb-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: pod-lister
+subjects:
+- kind: ServiceAccount
+ name: speaker
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metallb-system:controller
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:speaker
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metallb-system:speaker
+subjects:
+- kind: ServiceAccount
+ name: speaker
+ namespace: metallb-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: webhook-server-cert
+ namespace: metallb-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: webhook-service
+ namespace: metallb-system
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ selector:
+ component: controller
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: metallb
+ component: controller
+ name: controller
+ namespace: metallb-system
+spec:
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app: metallb
+ component: controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "7472"
+ prometheus.io/scrape: "true"
+ labels:
+ app: metallb
+ component: controller
+ spec:
+ containers:
+ - args:
+ - --port=7472
+ - --log-level=info
+ env:
+ - name: METALLB_ML_SECRET_NAME
+ value: memberlist
+ - name: METALLB_DEPLOYMENT
+ value: controller
+ image: quay.io/metallb/controller:v0.13.9
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: controller
+ ports:
+ - containerPort: 7472
+ name: monitoring
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ fsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ serviceAccountName: controller
+ terminationGracePeriodSeconds: 0
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: metallb
+ component: speaker
+ name: speaker
+ namespace: metallb-system
+spec:
+ selector:
+ matchLabels:
+ app: metallb
+ component: speaker
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "7472"
+ prometheus.io/scrape: "true"
+ labels:
+ app: metallb
+ component: speaker
+ spec:
+ containers:
+ - args:
+ - --port=7472
+ - --log-level=info
+ env:
+ - name: METALLB_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: METALLB_HOST
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: METALLB_ML_BIND_ADDR
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: METALLB_ML_LABELS
+ value: app=metallb,component=speaker
+ - name: METALLB_ML_SECRET_KEY_PATH
+ value: /etc/ml_secret_key
+ image: quay.io/metallb/speaker:v0.13.9
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: speaker
+ ports:
+ - containerPort: 7472
+ name: monitoring
+ - containerPort: 7946
+ name: memberlist-tcp
+ - containerPort: 7946
+ name: memberlist-udp
+ protocol: UDP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_RAW
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /etc/ml_secret_key
+ name: memberlist
+ readOnly: true
+ hostNetwork: true
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccountName: speaker
+ terminationGracePeriodSeconds: 2
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ volumes:
+ - name: memberlist
+ secret:
+ defaultMode: 420
+ secretName: memberlist
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ creationTimestamp: null
+ name: metallb-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta2-bgppeer
+ failurePolicy: Fail
+ name: bgppeersvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bgppeers
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-addresspool
+ failurePolicy: Fail
+ name: addresspoolvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - addresspools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-bfdprofile
+ failurePolicy: Fail
+ name: bfdprofilevalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - DELETE
+ resources:
+ - bfdprofiles
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-bgpadvertisement
+ failurePolicy: Fail
+ name: bgpadvertisementvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bgpadvertisements
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-community
+ failurePolicy: Fail
+ name: communityvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - communities
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-ipaddresspool
+ failurePolicy: Fail
+ name: ipaddresspoolvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipaddresspools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-l2advertisement
+ failurePolicy: Fail
+ name: l2advertisementvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - l2advertisements
+ sideEffects: None
+
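Review bot: the `controller` Role's first rule grants create, delete, get, list, patch, update and watch on every Secret in `metallb-system` with no `resourceNames`, which also makes the next rule (list on the `memberlist` secret) redundant. The only secrets these manifests reference are `memberlist` and `webhook-server-cert`, so consider restricting the non-create verbs to those two names and keeping `create` in a rule of its own, since RBAC cannot scope `create` by resource name. In the controller Deployment the container drops `all` in lowercase while the speaker DaemonSet drops `ALL`; the Pod Security "restricted" profile checks for the uppercase form, so make both `ALL`. The `podsecuritypolicies` `use` rules in both ClusterRoles have no effect on Kubernetes v1.25 and later, where PodSecurityPolicy was removed, so state the minimum cluster version this manifest targets or drop them. The commented-out CRD copy that follows embeds a hard-coded `caBundle` and a `{{ .Release.Namespace }}` template expression while the live manifests hard-code `metallb-system`; remove that dead block, or add a comment saying why it is kept.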
+# apiVersion: apiextensions.k8s.io/v1
+# kind: CustomResourceDefinition
+# metadata:
+# annotations:
+# controller-gen.kubebuilder.io/version: v0.11.1
+# name: addresspools.metallb.io
+# spec:
+# conversion:
+# strategy: Webhook
+# webhook:
+# clientConfig:
+# caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXR
tb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /convert
+# conversionReviewVersions:
+# - v1alpha1
+# - v1beta1
+# group: metallb.io
+# names:
+# kind: AddressPool
+# listKind: AddressPoolList
+# plural: addresspools
+# singular: addresspool
+# scope: Namespaced
+# versions:
+# - deprecated: true
+# deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated
+# name: v1alpha1
+# schema:
+# openAPIV3Schema:
+# description: AddressPool is the Schema for the addresspools API.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: AddressPoolSpec defines the desired state of AddressPool.
+# properties:
+# addresses:
+# description: A list of IP address ranges over which MetalLB has authority.
+# You can list multiple ranges in a single pool, they will all share
+# the same settings. Each range can be either a CIDR prefix, or an
+# explicit start-end range of IPs.
+# items:
+# type: string
+# type: array
+# autoAssign:
+# default: true
+# description: AutoAssign flag used to prevent MetallB from automatic
+# allocation for a pool.
+# type: boolean
+# bgpAdvertisements:
+# description: When an IP is allocated from this pool, how should it
+# be translated into BGP announcements?
+# items:
+# properties:
+# aggregationLength:
+# default: 32
+# description: The aggregation-length advertisement option lets
+# you “roll up” the /32s into a larger prefix.
+# format: int32
+# minimum: 1
+# type: integer
+# aggregationLengthV6:
+# default: 128
+# description: Optional, defaults to 128 (i.e. no aggregation)
+# if not specified.
+# format: int32
+# type: integer
+# communities:
+# description: BGP communities
+# items:
+# type: string
+# type: array
+# localPref:
+# description: BGP LOCAL_PREF attribute which is used by BGP best
+# path algorithm, Path with higher localpref is preferred over
+# one with lower localpref.
+# format: int32
+# type: integer
+# type: object
+# type: array
+# protocol:
+# description: Protocol can be used to select how the announcement is
+# done.
+# enum:
+# - layer2
+# - bgp
+# type: string
+# required:
+# - addresses
+# - protocol
+# type: object
+# status:
+# description: AddressPoolStatus defines the observed state of AddressPool.
+# type: object
+# required:
+# - spec
+# type: object
+# served: true
+# storage: false
+# subresources:
+# status: {}
+# - deprecated: true
+# deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using
+# IPAddressPool
+# name: v1beta1
+# schema:
+# openAPIV3Schema:
+# description: AddressPool represents a pool of IP addresses that can be allocated
+# to LoadBalancer services. AddressPool is deprecated and being replaced by
+# IPAddressPool.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: AddressPoolSpec defines the desired state of AddressPool.
+# properties:
+# addresses:
+# description: A list of IP address ranges over which MetalLB has authority.
+# You can list multiple ranges in a single pool, they will all share
+# the same settings. Each range can be either a CIDR prefix, or an
+# explicit start-end range of IPs.
+# items:
+# type: string
+# type: array
+# autoAssign:
+# default: true
+# description: AutoAssign flag used to prevent MetallB from automatic
+# allocation for a pool.
+# type: boolean
+# bgpAdvertisements:
+# description: Drives how an IP allocated from this pool should translated
+# into BGP announcements.
+# items:
+# properties:
+# aggregationLength:
+# default: 32
+# description: The aggregation-length advertisement option lets
+# you “roll up” the /32s into a larger prefix.
+# format: int32
+# minimum: 1
+# type: integer
+# aggregationLengthV6:
+# default: 128
+# description: Optional, defaults to 128 (i.e. no aggregation)
+# if not specified.
+# format: int32
+# type: integer
+# communities:
+# description: BGP communities to be associated with the given
+# advertisement.
+# items:
+# type: string
+# type: array
+# localPref:
+# description: BGP LOCAL_PREF attribute which is used by BGP best
+# path algorithm, Path with higher localpref is preferred over
+# one with lower localpref.
+# format: int32
+# type: integer
+# type: object
+# type: array
+# protocol:
+# description: Protocol can be used to select how the announcement is
+# done.
+# enum:
+# - layer2
+# - bgp
+# type: string
+# required:
+# - addresses
+# - protocol
+# type: object
+# status:
+# description: AddressPoolStatus defines the observed state of AddressPool.
+# type: object
+# required:
+# - spec
+# type: object
+# served: true
+# storage: true
+# subresources:
+# status: {}
+# ---
+# apiVersion: apiextensions.k8s.io/v1
+# kind: CustomResourceDefinition
+# metadata:
+# annotations:
+# controller-gen.kubebuilder.io/version: v0.11.1
+# creationTimestamp: null
+# name: bfdprofiles.metallb.io
+# spec:
+# group: metallb.io
+# names:
+# kind: BFDProfile
+# listKind: BFDProfileList
+# plural: bfdprofiles
+# singular: bfdprofile
+# scope: Namespaced
+# versions:
+# - additionalPrinterColumns:
+# - jsonPath: .spec.passiveMode
+# name: Passive Mode
+# type: boolean
+# - jsonPath: .spec.transmitInterval
+# name: Transmit Interval
+# type: integer
+# - jsonPath: .spec.receiveInterval
+# name: Receive Interval
+# type: integer
+# - jsonPath: .spec.detectMultiplier
+# name: Multiplier
+# type: integer
+# name: v1beta1
+# schema:
+# openAPIV3Schema:
+# description: BFDProfile represents the settings of the bfd session that can
+# be optionally associated with a BGP session.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: BFDProfileSpec defines the desired state of BFDProfile.
+# properties:
+# detectMultiplier:
+# description: Configures the detection multiplier to determine packet
+# loss. The remote transmission interval will be multiplied by this
+# value to determine the connection loss detection timer.
+# format: int32
+# maximum: 255
+# minimum: 2
+# type: integer
+# echoInterval:
+# description: Configures the minimal echo receive transmission interval
+# that this system is capable of handling in milliseconds. Defaults
+# to 50ms
+# format: int32
+# maximum: 60000
+# minimum: 10
+# type: integer
+# echoMode:
+# description: Enables or disables the echo transmission mode. This
+# mode is disabled by default, and not supported on multi hops setups.
+# type: boolean
+# minimumTtl:
+# description: 'For multi hop sessions only: configure the minimum expected
+# TTL for an incoming BFD control packet.'
+# format: int32
+# maximum: 254
+# minimum: 1
+# type: integer
+# passiveMode:
+# description: 'Mark session as passive: a passive session will not
+# attempt to start the connection and will wait for control packets
+# from peer before it begins replying.'
+# type: boolean
+# receiveInterval:
+# description: The minimum interval that this system is capable of receiving
+# control packets in milliseconds. Defaults to 300ms.
+# format: int32
+# maximum: 60000
+# minimum: 10
+# type: integer
+# transmitInterval:
+# description: The minimum transmission interval (less jitter) that
+# this system wants to use to send BFD control packets in milliseconds.
+# Defaults to 300ms
+# format: int32
+# maximum: 60000
+# minimum: 10
+# type: integer
+# type: object
+# status:
+# description: BFDProfileStatus defines the observed state of BFDProfile.
+# type: object
+# type: object
+# served: true
+# storage: true
+# subresources:
+# status: {}
+# ---
+# apiVersion: apiextensions.k8s.io/v1
+# kind: CustomResourceDefinition
+# metadata:
+# annotations:
+# controller-gen.kubebuilder.io/version: v0.11.1
+# creationTimestamp: null
+# name: bgpadvertisements.metallb.io
+# spec:
+# group: metallb.io
+# names:
+# kind: BGPAdvertisement
+# listKind: BGPAdvertisementList
+# plural: bgpadvertisements
+# singular: bgpadvertisement
+# scope: Namespaced
+# versions:
+# - additionalPrinterColumns:
+# - jsonPath: .spec.ipAddressPools
+# name: IPAddressPools
+# type: string
+# - jsonPath: .spec.ipAddressPoolSelectors
+# name: IPAddressPool Selectors
+# type: string
+# - jsonPath: .spec.peers
+# name: Peers
+# type: string
+# - jsonPath: .spec.nodeSelectors
+# name: Node Selectors
+# priority: 10
+# type: string
+# name: v1beta1
+# schema:
+# openAPIV3Schema:
+# description: BGPAdvertisement allows to advertise the IPs coming from the
+# selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement.
+# properties:
+# aggregationLength:
+# default: 32
+# description: The aggregation-length advertisement option lets you
+# “roll up” the /32s into a larger prefix. Defaults to 32. Works for
+# IPv4 addresses.
+# format: int32
+# minimum: 1
+# type: integer
+# aggregationLengthV6:
+# default: 128
+# description: The aggregation-length advertisement option lets you
+# “roll up” the /128s into a larger prefix. Defaults to 128. Works
+# for IPv6 addresses.
+# format: int32
+# type: integer
+# communities:
+# description: The BGP communities to be associated with the announcement.
+# Each item can be a community of the form 1234:1234 or the name of
+# an alias defined in the Community CRD.
+# items:
+# type: string
+# type: array
+# ipAddressPoolSelectors:
+# description: A selector for the IPAddressPools which would get advertised
+# via this advertisement. If no IPAddressPool is selected by this
+# or by the list, the advertisement is applied to all the IPAddressPools.
+# items:
+# description: A label selector is a label query over a set of resources.
+# The result of matchLabels and matchExpressions are ANDed. An empty
+# label selector matches all objects. A null label selector matches
+# no objects.
+# properties:
+# matchExpressions:
+# description: matchExpressions is a list of label selector requirements.
+# The requirements are ANDed.
+# items:
+# description: A label selector requirement is a selector that
+# contains values, a key, and an operator that relates the
+# key and values.
+# properties:
+# key:
+# description: key is the label key that the selector applies
+# to.
+# type: string
+# operator:
+# description: operator represents a key's relationship
+# to a set of values. Valid operators are In, NotIn, Exists
+# and DoesNotExist.
+# type: string
+# values:
+# description: values is an array of string values. If the
+# operator is In or NotIn, the values array must be non-empty.
+# If the operator is Exists or DoesNotExist, the values
+# array must be empty. This array is replaced during a
+# strategic merge patch.
+# items:
+# type: string
+# type: array
+# required:
+# - key
+# - operator
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# description: matchLabels is a map of {key,value} pairs. A single
+# {key,value} in the matchLabels map is equivalent to an element
+# of matchExpressions, whose key field is "key", the operator
+# is "In", and the values array contains only "value". The requirements
+# are ANDed.
+# type: object
+# type: object
+# x-kubernetes-map-type: atomic
+# type: array
+# ipAddressPools:
+# description: The list of IPAddressPools to advertise via this advertisement,
+# selected by name.
+# items:
+# type: string
+# type: array
+# localPref:
+# description: The BGP LOCAL_PREF attribute which is used by BGP best
+# path algorithm, Path with higher localpref is preferred over one
+# with lower localpref.
+# format: int32
+# type: integer
+# nodeSelectors:
+# description: NodeSelectors allows to limit the nodes to announce as
+# next hops for the LoadBalancer IP. When empty, all the nodes having are
+# announced as next hops.
+# items:
+# description: A label selector is a label query over a set of resources.
+# The result of matchLabels and matchExpressions are ANDed. An empty
+# label selector matches all objects. A null label selector matches
+# no objects.
+# properties:
+# matchExpressions:
+# description: matchExpressions is a list of label selector requirements.
+# The requirements are ANDed.
+# items:
+# description: A label selector requirement is a selector that
+# contains values, a key, and an operator that relates the
+# key and values.
+# properties:
+# key:
+# description: key is the label key that the selector applies
+# to.
+# type: string
+# operator:
+# description: operator represents a key's relationship
+# to a set of values. Valid operators are In, NotIn, Exists
+# and DoesNotExist.
+# type: string
+# values:
+# description: values is an array of string values. If the
+# operator is In or NotIn, the values array must be non-empty.
+# If the operator is Exists or DoesNotExist, the values
+# array must be empty. This array is replaced during a
+# strategic merge patch.
+# items:
+# type: string
+# type: array
+# required:
+# - key
+# - operator
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# description: matchLabels is a map of {key,value} pairs. A single
+# {key,value} in the matchLabels map is equivalent to an element
+# of matchExpressions, whose key field is "key", the operator
+# is "In", and the values array contains only "value". The requirements
+# are ANDed.
+# type: object
+# type: object
+# x-kubernetes-map-type: atomic
+# type: array
+# peers:
+# description: Peers limits the bgppeer to advertise the ips of the
+# selected pools to. When empty, the loadbalancer IP is announced
+# to all the BGPPeers configured.
+# items:
+# type: string
+# type: array
+# type: object
+# status:
+# description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement.
+# type: object
+# type: object
+# served: true
+# storage: true
+# subresources:
+# status: {}
+# ---
+# apiVersion: apiextensions.k8s.io/v1
+# kind: CustomResourceDefinition
+# metadata:
+# annotations:
+# controller-gen.kubebuilder.io/version: v0.11.1
+# name: bgppeers.metallb.io
+# spec:
+# conversion:
+# strategy: Webhook
+# webhook:
+# clientConfig:
+# caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXR
tb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /convert
+# conversionReviewVersions:
+# - v1beta1
+# - v1beta2
+# group: metallb.io
+# names:
+# kind: BGPPeer
+# listKind: BGPPeerList
+# plural: bgppeers
+# singular: bgppeer
+# scope: Namespaced
+# versions:
+# - additionalPrinterColumns:
+# - jsonPath: .spec.peerAddress
+# name: Address
+# type: string
+# - jsonPath: .spec.peerASN
+# name: ASN
+# type: string
+# - jsonPath: .spec.bfdProfile
+# name: BFD Profile
+# type: string
+# - jsonPath: .spec.ebgpMultiHop
+# name: Multi Hops
+# type: string
+# name: v1beta1
+# schema:
+# openAPIV3Schema:
+# description: BGPPeer is the Schema for the peers API.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: BGPPeerSpec defines the desired state of Peer.
+# properties:
+# bfdProfile:
+# type: string
+# ebgpMultiHop:
+# description: EBGP peer is multi-hops away
+# type: boolean
+# holdTime:
+# description: Requested BGP hold time, per RFC4271.
+# type: string
+# keepaliveTime:
+# description: Requested BGP keepalive time, per RFC4271.
+# type: string
+# myASN:
+# description: AS number to use for the local end of the session.
+# format: int32
+# maximum: 4294967295
+# minimum: 0
+# type: integer
+# nodeSelectors:
+# description: Only connect to this peer on nodes that match one of
+# these selectors.
+# items:
+# properties:
+# matchExpressions:
+# items:
+# properties:
+# key:
+# type: string
+# operator:
+# type: string
+# values:
+# items:
+# type: string
+# minItems: 1
+# type: array
+# required:
+# - key
+# - operator
+# - values
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# type: object
+# type: object
+# type: array
+# password:
+# description: Authentication password for routers enforcing TCP MD5
+# authenticated sessions
+# type: string
+# peerASN:
+# description: AS number to expect from the remote end of the session.
+# format: int32
+# maximum: 4294967295
+# minimum: 0
+# type: integer
+# peerAddress:
+# description: Address to dial when establishing the session.
+# type: string
+# peerPort:
+# description: Port to dial when establishing the session.
+# maximum: 16384
+# minimum: 0
+# type: integer
+# routerID:
+# description: BGP router ID to advertise to the peer
+# type: string
+# sourceAddress:
+# description: Source address to use when establishing the session.
+# type: string
+# required:
+# - myASN
+# - peerASN
+# - peerAddress
+# type: object
+# status:
+# description: BGPPeerStatus defines the observed state of Peer.
+# type: object
+# type: object
+# served: true
+# storage: false
+# subresources:
+# status: {}
+# - additionalPrinterColumns:
+# - jsonPath: .spec.peerAddress
+# name: Address
+# type: string
+# - jsonPath: .spec.peerASN
+# name: ASN
+# type: string
+# - jsonPath: .spec.bfdProfile
+# name: BFD Profile
+# type: string
+# - jsonPath: .spec.ebgpMultiHop
+# name: Multi Hops
+# type: string
+# name: v1beta2
+# schema:
+# openAPIV3Schema:
+# description: BGPPeer is the Schema for the peers API.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: BGPPeerSpec defines the desired state of Peer.
+# properties:
+# bfdProfile:
+# description: The name of the BFD Profile to be used for the BFD session
+# associated to the BGP session. If not set, the BFD session won't
+# be set up.
+# type: string
+# ebgpMultiHop:
+# description: To set if the BGPPeer is multi-hops away. Needed for
+# FRR mode only.
+# type: boolean
+# holdTime:
+# description: Requested BGP hold time, per RFC4271.
+# type: string
+# keepaliveTime:
+# description: Requested BGP keepalive time, per RFC4271.
+# type: string
+# myASN:
+# description: AS number to use for the local end of the session.
+# format: int32
+# maximum: 4294967295
+# minimum: 0
+# type: integer
+# nodeSelectors:
+# description: Only connect to this peer on nodes that match one of
+# these selectors.
+# items:
+# description: A label selector is a label query over a set of resources.
+# The result of matchLabels and matchExpressions are ANDed. An empty
+# label selector matches all objects. A null label selector matches
+# no objects.
+# properties:
+# matchExpressions:
+# description: matchExpressions is a list of label selector requirements.
+# The requirements are ANDed.
+# items:
+# description: A label selector requirement is a selector that
+# contains values, a key, and an operator that relates the
+# key and values.
+# properties:
+# key:
+# description: key is the label key that the selector applies
+# to.
+# type: string
+# operator:
+# description: operator represents a key's relationship
+# to a set of values. Valid operators are In, NotIn, Exists
+# and DoesNotExist.
+# type: string
+# values:
+# description: values is an array of string values. If the
+# operator is In or NotIn, the values array must be non-empty.
+# If the operator is Exists or DoesNotExist, the values
+# array must be empty. This array is replaced during a
+# strategic merge patch.
+# items:
+# type: string
+# type: array
+# required:
+# - key
+# - operator
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# description: matchLabels is a map of {key,value} pairs. A single
+# {key,value} in the matchLabels map is equivalent to an element
+# of matchExpressions, whose key field is "key", the operator
+# is "In", and the values array contains only "value". The requirements
+# are ANDed.
+# type: object
+# type: object
+# x-kubernetes-map-type: atomic
+# type: array
+# password:
+# description: Authentication password for routers enforcing TCP MD5
+# authenticated sessions
+# type: string
+# passwordSecret:
+# description: passwordSecret is name of the authentication secret for
+# BGP Peer. the secret must be of type "kubernetes.io/basic-auth",
+# and created in the same namespace as the MetalLB deployment. The
+# password is stored in the secret as the key "password".
+# properties:
+# name:
+# description: name is unique within a namespace to reference a
+# secret resource.
+# type: string
+# namespace:
+# description: namespace defines the space within which the secret
+# name must be unique.
+# type: string
+# type: object
+# x-kubernetes-map-type: atomic
+# peerASN:
+# description: AS number to expect from the remote end of the session.
+# format: int32
+# maximum: 4294967295
+# minimum: 0
+# type: integer
+# peerAddress:
+# description: Address to dial when establishing the session.
+# type: string
+# peerPort:
+# default: 179
+# description: Port to dial when establishing the session.
+# maximum: 16384
+# minimum: 0
+# type: integer
+# routerID:
+# description: BGP router ID to advertise to the peer
+# type: string
+# sourceAddress:
+# description: Source address to use when establishing the session.
+# type: string
+# vrf:
+# description: To set if we want to peer with the BGPPeer using an interface
+# belonging to a host vrf
+# type: string
+# required:
+# - myASN
+# - peerASN
+# - peerAddress
+# type: object
+# status:
+# description: BGPPeerStatus defines the observed state of Peer.
+# type: object
+# type: object
+# served: true
+# storage: true
+# subresources:
+# status: {}
+# ---
+# apiVersion: apiextensions.k8s.io/v1
+# kind: CustomResourceDefinition
+# metadata:
+# annotations:
+# controller-gen.kubebuilder.io/version: v0.11.1
+# creationTimestamp: null
+# name: communities.metallb.io
+# spec:
+# group: metallb.io
+# names:
+# kind: Community
+# listKind: CommunityList
+# plural: communities
+# singular: community
+# scope: Namespaced
+# versions:
+# - name: v1beta1
+# schema:
+# openAPIV3Schema:
+# description: Community is a collection of aliases for communities. Users can
+# define named aliases to be used in the BGPPeer CRD.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: CommunitySpec defines the desired state of Community.
+# properties:
+# communities:
+# items:
+# properties:
+# name:
+# description: The name of the alias for the community.
+# type: string
+# value:
+# description: The BGP community value corresponding to the given
+# name.
+# type: string
+# type: object
+# type: array
+# type: object
+# status:
+# description: CommunityStatus defines the observed state of Community.
+# type: object
+# type: object
+# served: true
+# storage: true
+# subresources:
+# status: {}
+# ---
+# apiVersion: apiextensions.k8s.io/v1
+# kind: CustomResourceDefinition
+# metadata:
+# annotations:
+# controller-gen.kubebuilder.io/version: v0.11.1
+# creationTimestamp: null
+# name: ipaddresspools.metallb.io
+# spec:
+# group: metallb.io
+# names:
+# kind: IPAddressPool
+# listKind: IPAddressPoolList
+# plural: ipaddresspools
+# singular: ipaddresspool
+# scope: Namespaced
+# versions:
+# - additionalPrinterColumns:
+# - jsonPath: .spec.autoAssign
+# name: Auto Assign
+# type: boolean
+# - jsonPath: .spec.avoidBuggyIPs
+# name: Avoid Buggy IPs
+# type: boolean
+# - jsonPath: .spec.addresses
+# name: Addresses
+# type: string
+# name: v1beta1
+# schema:
+# openAPIV3Schema:
+# description: IPAddressPool represents a pool of IP addresses that can be allocated
+# to LoadBalancer services.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: IPAddressPoolSpec defines the desired state of IPAddressPool.
+# properties:
+# addresses:
+# description: A list of IP address ranges over which MetalLB has authority.
+# You can list multiple ranges in a single pool, they will all share
+# the same settings. Each range can be either a CIDR prefix, or an
+# explicit start-end range of IPs.
+# items:
+# type: string
+# type: array
+# autoAssign:
+# default: true
+# description: AutoAssign flag used to prevent MetallB from automatic
+# allocation for a pool.
+# type: boolean
+# avoidBuggyIPs:
+# default: false
+# description: AvoidBuggyIPs prevents addresses ending with .0 and .255
+# to be used by a pool.
+# type: boolean
+# serviceAllocation:
+# description: AllocateTo makes ip pool allocation to specific namespace
+# and/or service. The controller will use the pool with lowest value
+# of priority in case of multiple matches. A pool with no priority
+# set will be used only if the pools with priority can't be used.
+# If multiple matching IPAddressPools are available it will check
+# for the availability of IPs sorting the matching IPAddressPools
+# by priority, starting from the highest to the lowest. If multiple
+# IPAddressPools have the same priority, choice will be random.
+# properties:
+# namespaceSelectors:
+# description: NamespaceSelectors list of label selectors to select
+# namespace(s) for ip pool, an alternative to using namespace
+# list.
+# items:
+# description: A label selector is a label query over a set of
+# resources. The result of matchLabels and matchExpressions
+# are ANDed. An empty label selector matches all objects. A
+# null label selector matches no objects.
+# properties:
+# matchExpressions:
+# description: matchExpressions is a list of label selector
+# requirements. The requirements are ANDed.
+# items:
+# description: A label selector requirement is a selector
+# that contains values, a key, and an operator that relates
+# the key and values.
+# properties:
+# key:
+# description: key is the label key that the selector
+# applies to.
+# type: string
+# operator:
+# description: operator represents a key's relationship
+# to a set of values. Valid operators are In, NotIn,
+# Exists and DoesNotExist.
+# type: string
+# values:
+# description: values is an array of string values.
+# If the operator is In or NotIn, the values array
+# must be non-empty. If the operator is Exists or
+# DoesNotExist, the values array must be empty. This
+# array is replaced during a strategic merge patch.
+# items:
+# type: string
+# type: array
+# required:
+# - key
+# - operator
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# description: matchLabels is a map of {key,value} pairs.
+# A single {key,value} in the matchLabels map is equivalent
+# to an element of matchExpressions, whose key field is
+# "key", the operator is "In", and the values array contains
+# only "value". The requirements are ANDed.
+# type: object
+# type: object
+# x-kubernetes-map-type: atomic
+# type: array
+# namespaces:
+# description: Namespaces list of namespace(s) on which ip pool
+# can be attached.
+# items:
+# type: string
+# type: array
+# priority:
+# description: Priority priority given for ip pool while ip allocation
+# on a service.
+# type: integer
+# serviceSelectors:
+# description: ServiceSelectors list of label selector to select
+# service(s) for which ip pool can be used for ip allocation.
+# items:
+# description: A label selector is a label query over a set of
+# resources. The result of matchLabels and matchExpressions
+# are ANDed. An empty label selector matches all objects. A
+# null label selector matches no objects.
+# properties:
+# matchExpressions:
+# description: matchExpressions is a list of label selector
+# requirements. The requirements are ANDed.
+# items:
+# description: A label selector requirement is a selector
+# that contains values, a key, and an operator that relates
+# the key and values.
+# properties:
+# key:
+# description: key is the label key that the selector
+# applies to.
+# type: string
+# operator:
+# description: operator represents a key's relationship
+# to a set of values. Valid operators are In, NotIn,
+# Exists and DoesNotExist.
+# type: string
+# values:
+# description: values is an array of string values.
+# If the operator is In or NotIn, the values array
+# must be non-empty. If the operator is Exists or
+# DoesNotExist, the values array must be empty. This
+# array is replaced during a strategic merge patch.
+# items:
+# type: string
+# type: array
+# required:
+# - key
+# - operator
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# description: matchLabels is a map of {key,value} pairs.
+# A single {key,value} in the matchLabels map is equivalent
+# to an element of matchExpressions, whose key field is
+# "key", the operator is "In", and the values array contains
+# only "value". The requirements are ANDed.
+# type: object
+# type: object
+# x-kubernetes-map-type: atomic
+# type: array
+# type: object
+# required:
+# - addresses
+# type: object
+# status:
+# description: IPAddressPoolStatus defines the observed state of IPAddressPool.
+# type: object
+# required:
+# - spec
+# type: object
+# served: true
+# storage: true
+# subresources:
+# status: {}
+# ---
+# apiVersion: apiextensions.k8s.io/v1
+# kind: CustomResourceDefinition
+# metadata:
+# annotations:
+# controller-gen.kubebuilder.io/version: v0.11.1
+# creationTimestamp: null
+# name: l2advertisements.metallb.io
+# spec:
+# group: metallb.io
+# names:
+# kind: L2Advertisement
+# listKind: L2AdvertisementList
+# plural: l2advertisements
+# singular: l2advertisement
+# scope: Namespaced
+# versions:
+# - additionalPrinterColumns:
+# - jsonPath: .spec.ipAddressPools
+# name: IPAddressPools
+# type: string
+# - jsonPath: .spec.ipAddressPoolSelectors
+# name: IPAddressPool Selectors
+# type: string
+# - jsonPath: .spec.interfaces
+# name: Interfaces
+# type: string
+# - jsonPath: .spec.nodeSelectors
+# name: Node Selectors
+# priority: 10
+# type: string
+# name: v1beta1
+# schema:
+# openAPIV3Schema:
+# description: L2Advertisement allows to advertise the LoadBalancer IPs provided
+# by the selected pools via L2.
+# properties:
+# apiVersion:
+# description: 'APIVersion defines the versioned schema of this representation
+# of an object. Servers should convert recognized schemas to the latest
+# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+# type: string
+# kind:
+# description: 'Kind is a string value representing the REST resource this
+# object represents. Servers may infer this from the endpoint the client
+# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+# type: string
+# metadata:
+# type: object
+# spec:
+# description: L2AdvertisementSpec defines the desired state of L2Advertisement.
+# properties:
+# interfaces:
+# description: A list of interfaces to announce from. The LB IP will
+# be announced only from these interfaces. If the field is not set,
+# we advertise from all the interfaces on the host.
+# items:
+# type: string
+# type: array
+# ipAddressPoolSelectors:
+# description: A selector for the IPAddressPools which would get advertised
+# via this advertisement. If no IPAddressPool is selected by this
+# or by the list, the advertisement is applied to all the IPAddressPools.
+# items:
+# description: A label selector is a label query over a set of resources.
+# The result of matchLabels and matchExpressions are ANDed. An empty
+# label selector matches all objects. A null label selector matches
+# no objects.
+# properties:
+# matchExpressions:
+# description: matchExpressions is a list of label selector requirements.
+# The requirements are ANDed.
+# items:
+# description: A label selector requirement is a selector that
+# contains values, a key, and an operator that relates the
+# key and values.
+# properties:
+# key:
+# description: key is the label key that the selector applies
+# to.
+# type: string
+# operator:
+# description: operator represents a key's relationship
+# to a set of values. Valid operators are In, NotIn, Exists
+# and DoesNotExist.
+# type: string
+# values:
+# description: values is an array of string values. If the
+# operator is In or NotIn, the values array must be non-empty.
+# If the operator is Exists or DoesNotExist, the values
+# array must be empty. This array is replaced during a
+# strategic merge patch.
+# items:
+# type: string
+# type: array
+# required:
+# - key
+# - operator
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# description: matchLabels is a map of {key,value} pairs. A single
+# {key,value} in the matchLabels map is equivalent to an element
+# of matchExpressions, whose key field is "key", the operator
+# is "In", and the values array contains only "value". The requirements
+# are ANDed.
+# type: object
+# type: object
+# x-kubernetes-map-type: atomic
+# type: array
+# ipAddressPools:
+# description: The list of IPAddressPools to advertise via this advertisement,
+# selected by name.
+# items:
+# type: string
+# type: array
+# nodeSelectors:
+# description: NodeSelectors allows to limit the nodes to announce as
+# next hops for the LoadBalancer IP. When empty, all the nodes having are
+# announced as next hops.
+# items:
+# description: A label selector is a label query over a set of resources.
+# The result of matchLabels and matchExpressions are ANDed. An empty
+# label selector matches all objects. A null label selector matches
+# no objects.
+# properties:
+# matchExpressions:
+# description: matchExpressions is a list of label selector requirements.
+# The requirements are ANDed.
+# items:
+# description: A label selector requirement is a selector that
+# contains values, a key, and an operator that relates the
+# key and values.
+# properties:
+# key:
+# description: key is the label key that the selector applies
+# to.
+# type: string
+# operator:
+# description: operator represents a key's relationship
+# to a set of values. Valid operators are In, NotIn, Exists
+# and DoesNotExist.
+# type: string
+# values:
+# description: values is an array of string values. If the
+# operator is In or NotIn, the values array must be non-empty.
+# If the operator is Exists or DoesNotExist, the values
+# array must be empty. This array is replaced during a
+# strategic merge patch.
+# items:
+# type: string
+# type: array
+# required:
+# - key
+# - operator
+# type: object
+# type: array
+# matchLabels:
+# additionalProperties:
+# type: string
+# description: matchLabels is a map of {key,value} pairs. A single
+# {key,value} in the matchLabels map is equivalent to an element
+# of matchExpressions, whose key field is "key", the operator
+# is "In", and the values array contains only "value". The requirements
+# are ANDed.
+# type: object
+# type: object
+# x-kubernetes-map-type: atomic
+# type: array
+# type: object
+# status:
+# description: L2AdvertisementStatus defines the observed state of L2Advertisement.
+# type: object
+# type: object
+# served: true
+# storage: true
+# subresources:
+# status: {}
+# ---
+# apiVersion: v1
+# kind: ServiceAccount
+# metadata:
+# labels:
+# app: metallb
+# name: controller
+# namespace: {{ .Release.Namespace }}
+# ---
+# apiVersion: v1
+# kind: ServiceAccount
+# metadata:
+# labels:
+# app: metallb
+# name: speaker
+# namespace: {{ .Release.Namespace }}
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: Role
+# metadata:
+# labels:
+# app: metallb
+# name: controller
+# namespace: {{ .Release.Namespace }}
+# rules:
+# - apiGroups:
+# - ""
+# resources:
+# - secrets
+# verbs:
+# - create
+# - delete
+# - get
+# - list
+# - patch
+# - update
+# - watch
+# - apiGroups:
+# - ""
+# resourceNames:
+# - memberlist
+# resources:
+# - secrets
+# verbs:
+# - list
+# - apiGroups:
+# - apps
+# resourceNames:
+# - controller
+# resources:
+# - deployments
+# verbs:
+# - get
+# - apiGroups:
+# - metallb.io
+# resources:
+# - bgppeers
+# verbs:
+# - get
+# - list
+# - apiGroups:
+# - metallb.io
+# resources:
+# - addresspools
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - bfdprofiles
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - ipaddresspools
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - bgpadvertisements
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - l2advertisements
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - communities
+# verbs:
+# - get
+# - list
+# - watch
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: Role
+# metadata:
+# labels:
+# app: metallb
+# name: pod-lister
+# namespace: {{ .Release.Namespace }}
+# rules:
+# - apiGroups:
+# - ""
+# resources:
+# - pods
+# verbs:
+# - list
+# - apiGroups:
+# - ""
+# resources:
+# - secrets
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - addresspools
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - bfdprofiles
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - bgppeers
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - l2advertisements
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - bgpadvertisements
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - ipaddresspools
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - metallb.io
+# resources:
+# - communities
+# verbs:
+# - get
+# - list
+# - watch
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: ClusterRole
+# metadata:
+# labels:
+# app: metallb
+# name: metallb-system:controller
+# rules:
+# - apiGroups:
+# - ""
+# resources:
+# - services
+# - namespaces
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - ""
+# resources:
+# - services/status
+# verbs:
+# - update
+# - apiGroups:
+# - ""
+# resources:
+# - events
+# verbs:
+# - create
+# - patch
+# - apiGroups:
+# - policy
+# resourceNames:
+# - controller
+# resources:
+# - podsecuritypolicies
+# verbs:
+# - use
+# - apiGroups:
+# - admissionregistration.k8s.io
+# resourceNames:
+# - metallb-webhook-configuration
+# resources:
+# - validatingwebhookconfigurations
+# - mutatingwebhookconfigurations
+# verbs:
+# - create
+# - delete
+# - get
+# - list
+# - patch
+# - update
+# - watch
+# - apiGroups:
+# - admissionregistration.k8s.io
+# resources:
+# - validatingwebhookconfigurations
+# - mutatingwebhookconfigurations
+# verbs:
+# - list
+# - watch
+# - apiGroups:
+# - apiextensions.k8s.io
+# resourceNames:
+# - addresspools.metallb.io
+# - bfdprofiles.metallb.io
+# - bgpadvertisements.metallb.io
+# - bgppeers.metallb.io
+# - ipaddresspools.metallb.io
+# - l2advertisements.metallb.io
+# - communities.metallb.io
+# resources:
+# - customresourcedefinitions
+# verbs:
+# - create
+# - delete
+# - get
+# - list
+# - patch
+# - update
+# - watch
+# - apiGroups:
+# - apiextensions.k8s.io
+# resources:
+# - customresourcedefinitions
+# verbs:
+# - list
+# - watch
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: ClusterRole
+# metadata:
+# labels:
+# app: metallb
+# name: metallb-system:speaker
+# rules:
+# - apiGroups:
+# - ""
+# resources:
+# - services
+# - endpoints
+# - nodes
+# - namespaces
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - discovery.k8s.io
+# resources:
+# - endpointslices
+# verbs:
+# - get
+# - list
+# - watch
+# - apiGroups:
+# - ""
+# resources:
+# - events
+# verbs:
+# - create
+# - patch
+# - apiGroups:
+# - policy
+# resourceNames:
+# - speaker
+# resources:
+# - podsecuritypolicies
+# verbs:
+# - use
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: RoleBinding
+# metadata:
+# labels:
+# app: metallb
+# name: controller
+# namespace: {{ .Release.Namespace }}
+# roleRef:
+# apiGroup: rbac.authorization.k8s.io
+# kind: Role
+# name: controller
+# subjects:
+# - kind: ServiceAccount
+# name: controller
+# namespace: {{ .Release.Namespace }}
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: RoleBinding
+# metadata:
+# labels:
+# app: metallb
+# name: pod-lister
+# namespace: {{ .Release.Namespace }}
+# roleRef:
+# apiGroup: rbac.authorization.k8s.io
+# kind: Role
+# name: pod-lister
+# subjects:
+# - kind: ServiceAccount
+# name: speaker
+# namespace: {{ .Release.Namespace }}
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: ClusterRoleBinding
+# metadata:
+# labels:
+# app: metallb
+# name: metallb-system:controller
+# roleRef:
+# apiGroup: rbac.authorization.k8s.io
+# kind: ClusterRole
+# name: metallb-system:controller
+# subjects:
+# - kind: ServiceAccount
+# name: controller
+# namespace: {{ .Release.Namespace }}
+# ---
+# apiVersion: rbac.authorization.k8s.io/v1
+# kind: ClusterRoleBinding
+# metadata:
+# labels:
+# app: metallb
+# name: metallb-system:speaker
+# roleRef:
+# apiGroup: rbac.authorization.k8s.io
+# kind: ClusterRole
+# name: metallb-system:speaker
+# subjects:
+# - kind: ServiceAccount
+# name: speaker
+# namespace: {{ .Release.Namespace }}
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# name: webhook-server-cert
+# namespace: {{ .Release.Namespace }}
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# spec:
+# ports:
+# - port: 443
+# targetPort: 9443
+# selector:
+# component: controller
+# ---
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# labels:
+# app: metallb
+# component: controller
+# name: controller
+# namespace: {{ .Release.Namespace }}
+# spec:
+# revisionHistoryLimit: 3
+# selector:
+# matchLabels:
+# app: metallb
+# component: controller
+# template:
+# metadata:
+# annotations:
+# prometheus.io/port: "7472"
+# prometheus.io/scrape: "true"
+# labels:
+# app: metallb
+# component: controller
+# spec:
+# containers:
+# - args:
+# - --port=7472
+# - --log-level={{ .Values.controller.logLevel }}
+# env:
+# - name: METALLB_ML_SECRET_NAME
+# value: memberlist
+# - name: METALLB_DEPLOYMENT
+# value: controller
+# image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+# imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+# livenessProbe:
+# failureThreshold: 3
+# httpGet:
+# path: /metrics
+# port: monitoring
+# initialDelaySeconds: 10
+# periodSeconds: 10
+# successThreshold: 1
+# timeoutSeconds: 1
+# name: controller
+# ports:
+# - containerPort: 7472
+# name: monitoring
+# - containerPort: 9443
+# name: webhook-server
+# protocol: TCP
+# readinessProbe:
+# failureThreshold: 3
+# httpGet:
+# path: /metrics
+# port: monitoring
+# initialDelaySeconds: 10
+# periodSeconds: 10
+# successThreshold: 1
+# timeoutSeconds: 1
+# securityContext:
+# allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - all
+# readOnlyRootFilesystem: true
+# volumeMounts:
+# - mountPath: /tmp/k8s-webhook-server/serving-certs
+# name: cert
+# readOnly: true
+# nodeSelector:
+# kubernetes.io/os: linux
+# securityContext:
+# fsGroup: 65534
+# runAsNonRoot: true
+# runAsUser: 65534
+# serviceAccountName: controller
+# terminationGracePeriodSeconds: 0
+# volumes:
+# - name: cert
+# secret:
+# defaultMode: 420
+# secretName: webhook-server-cert
+# ---
+# apiVersion: apps/v1
+# kind: DaemonSet
+# metadata:
+# labels:
+# app: metallb
+# component: speaker
+# name: speaker
+# namespace: {{ .Release.Namespace }}
+# spec:
+# selector:
+# matchLabels:
+# app: metallb
+# component: speaker
+# template:
+# metadata:
+# annotations:
+# prometheus.io/port: "7472"
+# prometheus.io/scrape: "true"
+# labels:
+# app: metallb
+# component: speaker
+# spec:
+# containers:
+# - args:
+# - --port=7472
+# - --log-level={{ .Values.controller.logLevel }}
+# env:
+# - name: METALLB_NODE_NAME
+# valueFrom:
+# fieldRef:
+# fieldPath: spec.nodeName
+# - name: METALLB_HOST
+# valueFrom:
+# fieldRef:
+# fieldPath: status.hostIP
+# - name: METALLB_ML_BIND_ADDR
+# valueFrom:
+# fieldRef:
+# fieldPath: status.podIP
+# - name: METALLB_ML_LABELS
+# value: app=metallb,component=speaker
+# - name: METALLB_ML_SECRET_KEY_PATH
+# value: /etc/ml_secret_key
+# image: {{ .Values.speaker.image.repository }}:{{ .Values.speaker.image.tag }}
+# imagePullPolicy: {{ .Values.speaker.image.pullPolicy }}
+# livenessProbe:
+# failureThreshold: 3
+# httpGet:
+# path: /metrics
+# port: monitoring
+# initialDelaySeconds: 10
+# periodSeconds: 10
+# successThreshold: 1
+# timeoutSeconds: 1
+# name: speaker
+# ports:
+# - containerPort: 7472
+# name: monitoring
+# - containerPort: 7946
+# name: memberlist-tcp
+# - containerPort: 7946
+# name: memberlist-udp
+# protocol: UDP
+# readinessProbe:
+# failureThreshold: 3
+# httpGet:
+# path: /metrics
+# port: monitoring
+# initialDelaySeconds: 10
+# periodSeconds: 10
+# successThreshold: 1
+# timeoutSeconds: 1
+# securityContext:
+# allowPrivilegeEscalation: false
+# capabilities:
+# add:
+# - NET_RAW
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# volumeMounts:
+# - mountPath: /etc/ml_secret_key
+# name: memberlist
+# readOnly: true
+# hostNetwork: true
+# nodeSelector:
+# kubernetes.io/os: linux
+# serviceAccountName: speaker
+# terminationGracePeriodSeconds: 2
+# tolerations:
+# - effect: NoSchedule
+# key: node-role.kubernetes.io/master
+# operator: Exists
+# - effect: NoSchedule
+# key: node-role.kubernetes.io/control-plane
+# operator: Exists
+# volumes:
+# - name: memberlist
+# secret:
+# defaultMode: 420
+# secretName: memberlist
+# ---
+# apiVersion: admissionregistration.k8s.io/v1
+# kind: ValidatingWebhookConfiguration
+# metadata:
+# creationTimestamp: null
+# name: metallb-webhook-configuration
+# webhooks:
+# - admissionReviewVersions:
+# - v1
+# clientConfig:
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /validate-metallb-io-v1beta2-bgppeer
+# failurePolicy: Fail
+# name: bgppeersvalidationwebhook.metallb.io
+# rules:
+# - apiGroups:
+# - metallb.io
+# apiVersions:
+# - v1beta2
+# operations:
+# - CREATE
+# - UPDATE
+# resources:
+# - bgppeers
+# sideEffects: None
+# - admissionReviewVersions:
+# - v1
+# clientConfig:
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /validate-metallb-io-v1beta1-addresspool
+# failurePolicy: Fail
+# name: addresspoolvalidationwebhook.metallb.io
+# rules:
+# - apiGroups:
+# - metallb.io
+# apiVersions:
+# - v1beta1
+# operations:
+# - CREATE
+# - UPDATE
+# resources:
+# - addresspools
+# sideEffects: None
+# - admissionReviewVersions:
+# - v1
+# clientConfig:
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /validate-metallb-io-v1beta1-bfdprofile
+# failurePolicy: Fail
+# name: bfdprofilevalidationwebhook.metallb.io
+# rules:
+# - apiGroups:
+# - metallb.io
+# apiVersions:
+# - v1beta1
+# operations:
+# - CREATE
+# - DELETE
+# resources:
+# - bfdprofiles
+# sideEffects: None
+# - admissionReviewVersions:
+# - v1
+# clientConfig:
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /validate-metallb-io-v1beta1-bgpadvertisement
+# failurePolicy: Fail
+# name: bgpadvertisementvalidationwebhook.metallb.io
+# rules:
+# - apiGroups:
+# - metallb.io
+# apiVersions:
+# - v1beta1
+# operations:
+# - CREATE
+# - UPDATE
+# resources:
+# - bgpadvertisements
+# sideEffects: None
+# - admissionReviewVersions:
+# - v1
+# clientConfig:
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /validate-metallb-io-v1beta1-community
+# failurePolicy: Fail
+# name: communityvalidationwebhook.metallb.io
+# rules:
+# - apiGroups:
+# - metallb.io
+# apiVersions:
+# - v1beta1
+# operations:
+# - CREATE
+# - UPDATE
+# resources:
+# - communities
+# sideEffects: None
+# - admissionReviewVersions:
+# - v1
+# clientConfig:
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /validate-metallb-io-v1beta1-ipaddresspool
+# failurePolicy: Fail
+# name: ipaddresspoolvalidationwebhook.metallb.io
+# rules:
+# - apiGroups:
+# - metallb.io
+# apiVersions:
+# - v1beta1
+# operations:
+# - CREATE
+# - UPDATE
+# resources:
+# - ipaddresspools
+# sideEffects: None
+# - admissionReviewVersions:
+# - v1
+# clientConfig:
+# service:
+# name: webhook-service
+# namespace: {{ .Release.Namespace }}
+# path: /validate-metallb-io-v1beta1-l2advertisement
+# failurePolicy: Fail
+# name: l2advertisementvalidationwebhook.metallb.io
+# rules:
+# - apiGroups:
+# - metallb.io
+# apiVersions:
+# - v1beta1
+# operations:
+# - CREATE
+# - UPDATE
+# resources:
+# - l2advertisements
+# sideEffects: None
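Review bot: In the speaker DaemonSet the container args use `--log-level={{ .Values.controller.logLevel }}`, so the `speaker.logLevel` value is never read; this should be `.Values.speaker.logLevel`. Separately, every visible line of this manifest is added as a `+# ` comment, so none of these Roles, bindings, webhooks or workloads is rendered. If it is kept only as a reference copy, say so in a header comment or drop it, because commented-out RBAC drifts from what is actually deployed.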
diff --git a/charts/metallb/values.yaml b/charts/metallb/values.yaml
new file mode 100644
index 0000000..2b990b7
--- /dev/null
+++ b/charts/metallb/values.yaml
@@ -0,0 +1,12 @@
+controller:
+ image:
+ repository: quay.io/metallb/controller
+ tag:
+ pullPolicy:
+ logLevel: info
+speaker:
+ image:
+ repository: quay.io/metallb/speaker
+ tag:
+ pullPolicy:
+ logLevel: info
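Review bot: `tag:` and `pullPolicy:` are left empty for both controller and speaker, while the template in this patch builds the image as `{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}`, which renders with a trailing colon and no tag unless the caller overrides it. Set a pinned default tag (or digest) and an explicit pull policy here, or make the template fail with `required` when they are missing.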
diff --git a/charts/namespace/.helmignore b/charts/namespace/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/namespace/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/namespace/Chart.yaml b/charts/namespace/Chart.yaml
new file mode 100644
index 0000000..9dd3c96
--- /dev/null
+++ b/charts/namespace/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: namespaces
+description: A Helm chart for creating PCloud namespaces
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
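Review bot: `name: namespaces` does not match the chart directory `charts/namespace`, and the description speaks of namespaces while the template in this patch creates a single Namespace. Pick one name and use it for both the directory and `name:`.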
diff --git a/charts/namespace/templates/namespace.yaml b/charts/namespace/templates/namespace.yaml
new file mode 100644
index 0000000..58d5d46
--- /dev/null
+++ b/charts/namespace/templates/namespace.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.namespace }}
+ labels:
+ {{ range .Values.labels }}
+ {{ . }}
+ {{ end }}
+ # annotations:
+ # helm.sh/resource-policy: keep
+
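Review bot: `name: {{ .Values.namespace }}` reads a key that the chart's values.yaml in this patch does not define (it sets `name: example`), so a default render produces a Namespace with an empty name. Use the same key in both files, and wrap it in `required` so a missing value fails at render time instead of reaching the API server.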
diff --git a/charts/namespace/values.yaml b/charts/namespace/values.yaml
new file mode 100644
index 0000000..4c412e6
--- /dev/null
+++ b/charts/namespace/values.yaml
@@ -0,0 +1,4 @@
+name: example
+labels:
+- foo
+- bar
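Review bot: `labels` is a list of bare strings (`- foo`, `- bar`), and the template prints each item as-is under `labels:`, so the rendered metadata has no `key: value` pairs and is not a valid label map. Make this a map and render it with `toYaml`, which also matters for anything that selects namespaces by label, such as network policies or admission rules.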
diff --git a/charts/soft-serve/foo.yml b/charts/soft-serve/foo.yml
new file mode 100644
index 0000000..1b22e81
--- /dev/null
+++ b/charts/soft-serve/foo.yml
@@ -0,0 +1,8 @@
+ # - name: SOFT_SERVE_PORT
+ # value: "{{ .Values.port }}"
+ # - name: SOFT_SERVE_INITIAL_ADMIN_KEY
+ # value: "{{ .Values.adminKey }}"
+ # - name: SOFT_SERVE_KEY_PATH
+ # value: /.ssh/key
+ # - name: SOFT_SERVE_REPO_PATH
+ # value: /var/lib/soft-serve/repos
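Review bot: `charts/soft-serve/foo.yml` contains only commented-out copies of the env entries that the stateful-set hunk removes (`SOFT_SERVE_PORT`, `SOFT_SERVE_INITIAL_ADMIN_KEY`, `SOFT_SERVE_KEY_PATH`, `SOFT_SERVE_REPO_PATH`) and sits at the chart root under a placeholder name. It looks like a scratch file; drop it from the commit, since git history already preserves the old names.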
diff --git a/charts/soft-serve/templates/service.yaml b/charts/soft-serve/templates/service.yaml
index 907d4af..c1e3326 100644
--- a/charts/soft-serve/templates/service.yaml
+++ b/charts/soft-serve/templates/service.yaml
@@ -3,6 +3,8 @@
metadata:
name: soft-serve
namespace: {{ .Release.Namespace }}
+ annotations:
+ metallb.universe.tf/loadBalancerIPs: {{ .Values.reservedIP }}
spec:
type: LoadBalancer
selector:
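Review bot: `metallb.universe.tf/loadBalancerIPs: {{ .Values.reservedIP }}` is rendered unquoted and unconditionally. Annotation values must be strings, so use `{{ .Values.reservedIP | quote }}`, and wrap the annotation in `{{- if .Values.reservedIP }}` so that an unset value does not emit an empty annotation.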
diff --git a/charts/soft-serve/templates/stateful-set.yaml b/charts/soft-serve/templates/stateful-set.yaml
index d66d232..1436ec8 100644
--- a/charts/soft-serve/templates/stateful-set.yaml
+++ b/charts/soft-serve/templates/stateful-set.yaml
@@ -26,13 +26,13 @@
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy}}
env:
- - name: SOFT_SERVE_PORT
- value: "{{ .Values.port }}"
- - name: SOFT_SERVE_INITIAL_ADMIN_KEY
+ - name: SOFT_SERVE_SSH_LISTEN_ADDR
+ value: ":{{ .Values.port }}"
+ - name: SOFT_SERVE_INITIAL_ADMIN_KEYS
value: "{{ .Values.adminKey }}"
- - name: SOFT_SERVE_KEY_PATH
+ - name: SOFT_SERVE_SSH_KEY_PATH
value: /.ssh/key
- - name: SOFT_SERVE_REPO_PATH
+ - name: SOFT_SERVE_DATA_PATH
value: /var/lib/soft-serve/repos
ports:
- name: ssh
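Review bot: `SOFT_SERVE_INITIAL_ADMIN_KEYS` is now plural but still receives the single `.Values.adminKey`, and `SOFT_SERVE_DATA_PATH` keeps the old repo-specific value `/var/lib/soft-serve/repos`. Confirm both are intended for the image this chart deploys, and state in the commit message which soft-serve release the renamed variables target, since the image tag is not touched in this hunk.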
diff --git a/charts/soft-serve/values.yaml b/charts/soft-serve/values.yaml
index ecac25a..2188afb 100644
--- a/charts/soft-serve/values.yaml
+++ b/charts/soft-serve/values.yaml
@@ -8,3 +8,4 @@
privateKey: ""
publicKey: ""
adminKey: ""
+reservedIP: 192.168.0.100
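Review bot: `reservedIP: 192.168.0.100` hard-codes a site-specific private address as the chart default, so every install that does not override it requests the same IP from MetalLB. Default it to `""` like the key fields above it and set the address per environment.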