| gio | 2539d9e | 2025-05-22 12:19:30 +0400 | [diff] [blame^] | 1 | {{- if .Values.openshift.enabled }} |
| 2 | {{- if .Values.openshift.ui.route }} |
| 3 | # https://github.com/openshift/oauth-proxy/blob/master/contrib/sidecar.yaml |
| 4 | # Create a proxy service account and ensure it will use the route "proxy" |
| 5 | # Create a secure connection to the proxy via a route |
| 6 | apiVersion: route.openshift.io/v1 |
| 7 | kind: Route |
| 8 | metadata: |
| 9 | labels: {{- include "longhorn.labels" . | nindent 4 }} |
| 10 | app: longhorn-ui |
| 11 | name: {{ .Values.openshift.ui.route }} |
| 12 | namespace: {{ include "release_namespace" . }} |
| 13 | spec: |
| 14 | to: |
| 15 | kind: Service |
| 16 | name: longhorn-ui |
| 17 | tls: |
| 18 | termination: reencrypt |
| 19 | --- |
| 20 | apiVersion: v1 |
| 21 | kind: Service |
| 22 | metadata: |
| 23 | labels: {{- include "longhorn.labels" . | nindent 4 }} |
| 24 | app: longhorn-ui |
| 25 | name: longhorn-ui |
| 26 | namespace: {{ include "release_namespace" . }} |
| 27 | annotations: |
| 28 | service.alpha.openshift.io/serving-cert-secret-name: longhorn-ui-tls |
| 29 | spec: |
| 30 | ports: |
| 31 | - name: longhorn-ui |
| 32 | port: {{ .Values.openshift.ui.port | default 443 }} |
| 33 | targetPort: {{ .Values.openshift.ui.proxy | default 8443 }} |
| 34 | selector: |
| 35 | app: longhorn-ui |
| 36 | --- |
| 37 | {{- end }} |
| 38 | {{- end }} |
| 39 | apiVersion: apps/v1 |
| 40 | kind: Deployment |
| 41 | metadata: |
| 42 | labels: {{- include "longhorn.labels" . | nindent 4 }} |
| 43 | app: longhorn-ui |
| 44 | name: longhorn-ui |
| 45 | namespace: {{ include "release_namespace" . }} |
| 46 | spec: |
| 47 | replicas: {{ .Values.longhornUI.replicas }} |
| 48 | selector: |
| 49 | matchLabels: |
| 50 | app: longhorn-ui |
| 51 | template: |
| 52 | metadata: |
| 53 | labels: {{- include "longhorn.labels" . | nindent 8 }} |
| 54 | app: longhorn-ui |
| 55 | spec: |
| 56 | serviceAccountName: longhorn-ui-service-account |
| 57 | affinity: |
| 58 | podAntiAffinity: |
| 59 | preferredDuringSchedulingIgnoredDuringExecution: |
| 60 | - weight: 1 |
| 61 | podAffinityTerm: |
| 62 | labelSelector: |
| 63 | matchExpressions: |
| 64 | - key: app |
| 65 | operator: In |
| 66 | values: |
| 67 | - longhorn-ui |
| 68 | topologyKey: kubernetes.io/hostname |
| 69 | containers: |
| 70 | {{- if .Values.openshift.enabled }} |
| 71 | {{- if .Values.openshift.ui.route }} |
| 72 | - name: oauth-proxy |
| 73 | {{- if .Values.image.openshift.oauthProxy.repository }} |
| 74 | image: {{ template "registry_url" . }}{{ .Values.image.openshift.oauthProxy.repository }}:{{ .Values.image.openshift.oauthProxy.tag }} |
| 75 | {{- else }} |
| 76 | image: "" |
| 77 | {{- end }} |
| 78 | imagePullPolicy: IfNotPresent |
| 79 | ports: |
| 80 | - containerPort: {{ .Values.openshift.ui.proxy | default 8443 }} |
| 81 | name: public |
| 82 | args: |
| 83 | - --https-address=:{{ .Values.openshift.ui.proxy | default 8443 }} |
| 84 | - --provider=openshift |
| 85 | - --openshift-service-account=longhorn-ui-service-account |
| 86 | - --upstream=http://localhost:8000 |
| 87 | - --tls-cert=/etc/tls/private/tls.crt |
| 88 | - --tls-key=/etc/tls/private/tls.key |
| 89 | - --cookie-secret=SECRET |
| 90 | - --openshift-sar={"namespace":"{{ include "release_namespace" . }}","group":"longhorn.io","resource":"setting","verb":"delete"} |
| 91 | volumeMounts: |
| 92 | - mountPath: /etc/tls/private |
| 93 | name: longhorn-ui-tls |
| 94 | {{- end }} |
| 95 | {{- end }} |
| 96 | - name: longhorn-ui |
| 97 | image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} |
| 98 | imagePullPolicy: {{ .Values.image.pullPolicy }} |
| 99 | volumeMounts: |
| 100 | - name : nginx-cache |
| 101 | mountPath: /var/cache/nginx/ |
| 102 | - name : nginx-config |
| 103 | mountPath: /var/config/nginx/ |
| 104 | - name: var-run |
| 105 | mountPath: /var/run/ |
| 106 | ports: |
| 107 | - containerPort: 8000 |
| 108 | name: http |
| 109 | env: |
| 110 | - name: LONGHORN_MANAGER_IP |
| 111 | value: "http://longhorn-backend:9500" |
| 112 | - name: LONGHORN_UI_PORT |
| 113 | value: "8000" |
| 114 | volumes: |
| 115 | {{- if .Values.openshift.enabled }} |
| 116 | {{- if .Values.openshift.ui.route }} |
| 117 | - name: longhorn-ui-tls |
| 118 | secret: |
| 119 | secretName: longhorn-ui-tls |
| 120 | {{- end }} |
| 121 | {{- end }} |
| 122 | - emptyDir: {} |
| 123 | name: nginx-cache |
| 124 | - emptyDir: {} |
| 125 | name: nginx-config |
| 126 | - emptyDir: {} |
| 127 | name: var-run |
| 128 | {{- if .Values.privateRegistry.registrySecret }} |
| 129 | imagePullSecrets: |
| 130 | - name: {{ .Values.privateRegistry.registrySecret }} |
| 131 | {{- end }} |
| 132 | {{- if .Values.longhornUI.priorityClass }} |
| 133 | priorityClassName: {{ .Values.longhornUI.priorityClass | quote }} |
| 134 | {{- end }} |
| 135 | {{- if or .Values.global.tolerations .Values.longhornUI.tolerations .Values.global.cattle.windowsCluster.enabled }} |
| 136 | tolerations: |
| 137 | {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} |
| 138 | {{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} |
| 139 | {{- end }} |
| 140 | {{- if or .Values.global.tolerations .Values.longhornUI.tolerations }} |
| 141 | {{ default .Values.global.tolerations .Values.longhornUI.tolerations | toYaml | indent 6 }} |
| 142 | {{- end }} |
| 143 | {{- end }} |
| 144 | {{- if or .Values.global.nodeSelector .Values.longhornUI.nodeSelector .Values.global.cattle.windowsCluster.enabled }} |
| 145 | nodeSelector: |
| 146 | {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} |
| 147 | {{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} |
| 148 | {{- end }} |
| 149 | {{- if or .Values.global.nodeSelector .Values.longhornUI.nodeSelector }} |
| 150 | {{ default .Values.global.nodeSelector .Values.longhornUI.nodeSelector | toYaml | indent 8 }} |
| 151 | {{- end }} |
| 152 | {{- end }} |
| 153 | --- |
| 154 | kind: Service |
| 155 | apiVersion: v1 |
| 156 | metadata: |
| 157 | labels: {{- include "longhorn.labels" . | nindent 4 }} |
| 158 | app: longhorn-ui |
| 159 | {{- if eq .Values.service.ui.type "Rancher-Proxy" }} |
| 160 | kubernetes.io/cluster-service: "true" |
| 161 | {{- end }} |
| 162 | name: longhorn-frontend |
| 163 | namespace: {{ include "release_namespace" . }} |
| 164 | spec: |
| 165 | {{- if eq .Values.service.ui.type "Rancher-Proxy" }} |
| 166 | type: ClusterIP |
| 167 | {{- else }} |
| 168 | type: {{ .Values.service.ui.type }} |
| 169 | {{- end }} |
| 170 | {{- if and .Values.service.ui.loadBalancerIP (eq .Values.service.ui.type "LoadBalancer") }} |
| 171 | loadBalancerIP: {{ .Values.service.ui.loadBalancerIP }} |
| 172 | {{- end }} |
| 173 | {{- if and (eq .Values.service.ui.type "LoadBalancer") .Values.service.ui.loadBalancerSourceRanges }} |
| 174 | loadBalancerSourceRanges: {{- toYaml .Values.service.ui.loadBalancerSourceRanges | nindent 4 }} |
| 175 | {{- end }} |
| 176 | selector: |
| 177 | app: longhorn-ui |
| 178 | ports: |
| 179 | - name: http |
| 180 | port: 80 |
| 181 | targetPort: http |
| 182 | {{- if .Values.service.ui.nodePort }} |
| 183 | nodePort: {{ .Values.service.ui.nodePort }} |
| 184 | {{- else }} |
| 185 | nodePort: null |
| 186 | {{- end }} |