| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 1 | {{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}} |
| 2 | {{- include "isControllerTagValid" . -}} |
| 3 | apiVersion: apps/v1 |
| 4 | kind: DaemonSet |
| 5 | metadata: |
| 6 | labels: |
| 7 | {{- include "ingress-nginx.labels" . | nindent 4 }} |
| 8 | app.kubernetes.io/component: controller |
| 9 | {{- with .Values.controller.labels }} |
| 10 | {{- toYaml . | nindent 4 }} |
| 11 | {{- end }} |
| 12 | name: {{ include "ingress-nginx.controller.fullname" . }} |
| 13 | namespace: {{ .Release.Namespace }} |
| 14 | {{- if .Values.controller.annotations }} |
| 15 | annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} |
| 16 | {{- end }} |
| 17 | spec: |
| 18 | selector: |
| 19 | matchLabels: |
| 20 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} |
| 21 | app.kubernetes.io/component: controller |
| 22 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} |
| 23 | {{- if .Values.controller.updateStrategy }} |
| 24 | updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} |
| 25 | {{- end }} |
| 26 | minReadySeconds: {{ .Values.controller.minReadySeconds }} |
| 27 | template: |
| 28 | metadata: |
| 29 | {{- if .Values.controller.podAnnotations }} |
| 30 | annotations: |
| 31 | {{- range $key, $value := .Values.controller.podAnnotations }} |
| 32 | {{ $key }}: {{ $value | quote }} |
| 33 | {{- end }} |
| 34 | {{- end }} |
| 35 | labels: |
| 36 | {{- include "ingress-nginx.selectorLabels" . | nindent 8 }} |
| 37 | app.kubernetes.io/component: controller |
| 38 | {{- if .Values.controller.podLabels }} |
| 39 | {{- toYaml .Values.controller.podLabels | nindent 8 }} |
| 40 | {{- end }} |
| 41 | spec: |
| 42 | {{- if .Values.controller.dnsConfig }} |
| 43 | dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} |
| 44 | {{- end }} |
| 45 | {{- if .Values.controller.hostname }} |
| 46 | hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} |
| 47 | {{- end }} |
| 48 | dnsPolicy: {{ .Values.controller.dnsPolicy }} |
| 49 | {{- if .Values.imagePullSecrets }} |
| 50 | imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} |
| 51 | {{- end }} |
| 52 | {{- if .Values.controller.priorityClassName }} |
| 53 | priorityClassName: {{ .Values.controller.priorityClassName }} |
| 54 | {{- end }} |
| 55 | {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} |
| 56 | securityContext: |
| 57 | {{- end }} |
| 58 | {{- if .Values.controller.podSecurityContext }} |
| 59 | {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} |
| 60 | {{- end }} |
| 61 | {{- if .Values.controller.sysctls }} |
| 62 | sysctls: |
| 63 | {{- range $sysctl, $value := .Values.controller.sysctls }} |
| 64 | - name: {{ $sysctl | quote }} |
| 65 | value: {{ $value | quote }} |
| 66 | {{- end }} |
| 67 | {{- end }} |
| 68 | containers: |
| 69 | - name: {{ .Values.controller.containerName }} |
| 70 | {{- with .Values.controller.image }} |
| 71 | image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" |
| 72 | {{- end }} |
| 73 | imagePullPolicy: {{ .Values.controller.image.pullPolicy }} |
| 74 | {{- if .Values.controller.lifecycle }} |
| 75 | lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} |
| 76 | {{- end }} |
| 77 | args: |
| 78 | - /nginx-ingress-controller |
| 79 | {{- if .Values.defaultBackend.enabled }} |
| 80 | - --default-backend-service=$(POD_NAMESPACE)/{{ include "ingress-nginx.defaultBackend.fullname" . }} |
| 81 | {{- end }} |
| 82 | {{- if .Values.controller.publishService.enabled }} |
| 83 | - --publish-service={{ template "ingress-nginx.controller.publishServicePath" . }} |
| 84 | {{- end }} |
| 85 | - --election-id={{ .Values.controller.electionID }} |
| 86 | - --controller-class={{ .Values.controller.ingressClassResource.controllerValue }} |
| 87 | - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} |
| 88 | {{- if .Values.tcp }} |
| 89 | - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp |
| 90 | {{- end }} |
| 91 | {{- if .Values.udp }} |
| 92 | - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-udp |
| 93 | {{- end }} |
| 94 | {{- if .Values.controller.scope.enabled }} |
| 95 | - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} |
| 96 | {{- end }} |
| 97 | {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} |
| 98 | - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} |
| 99 | {{- end }} |
| 100 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 101 | - --validating-webhook=:{{ .Values.controller.admissionWebhooks.port }} |
| 102 | - --validating-webhook-certificate={{ .Values.controller.admissionWebhooks.certificate }} |
| 103 | - --validating-webhook-key={{ .Values.controller.admissionWebhooks.key }} |
| 104 | {{- end }} |
| 105 | {{- if .Values.controller.maxmindMirror }} |
| 106 | - --maxmind-mirror={{ .Values.controller.maxmindMirror }} |
| 107 | {{- end}} |
| 108 | {{- if .Values.controller.maxmindLicenseKey }} |
| 109 | - --maxmind-license-key={{ .Values.controller.maxmindLicenseKey }} |
| 110 | {{- end }} |
| 111 | {{- if not (eq .Values.controller.healthCheckPath "/healthz") }} |
| 112 | - --health-check-path={{ .Values.controller.healthCheckPath }} |
| 113 | {{- end }} |
| 114 | {{- if .Values.controller.healthCheckHost }} |
| 115 | - --healthz-host={{ .Values.controller.healthCheckHost }} |
| 116 | {{- end }} |
| 117 | {{- if .Values.controller.ingressClassByName }} |
| 118 | - --ingress-class-by-name=true |
| 119 | {{- end }} |
| 120 | {{- if .Values.controller.watchIngressWithoutClass }} |
| 121 | - --watch-ingress-without-class=true |
| 122 | {{- end }} |
| 123 | {{- range $key, $value := .Values.controller.extraArgs }} |
| 124 | {{- /* Accept keys without values or with false as value */}} |
| 125 | {{- if eq ($value | quote | len) 2 }} |
| 126 | - --{{ $key }} |
| 127 | {{- else }} |
| 128 | - --{{ $key }}={{ $value }} |
| 129 | {{- end }} |
| 130 | {{- end }} |
| 131 | securityContext: |
| 132 | capabilities: |
| 133 | drop: |
| 134 | - ALL |
| 135 | add: |
| 136 | - NET_BIND_SERVICE |
| 137 | runAsUser: {{ .Values.controller.image.runAsUser }} |
| 138 | allowPrivilegeEscalation: {{ .Values.controller.image.allowPrivilegeEscalation }} |
| 139 | env: |
| 140 | - name: POD_NAME |
| 141 | valueFrom: |
| 142 | fieldRef: |
| 143 | fieldPath: metadata.name |
| 144 | - name: POD_NAMESPACE |
| 145 | valueFrom: |
| 146 | fieldRef: |
| 147 | fieldPath: metadata.namespace |
| 148 | {{- if .Values.controller.enableMimalloc }} |
| 149 | - name: LD_PRELOAD |
| 150 | value: /usr/local/lib/libmimalloc.so |
| 151 | {{- end }} |
| 152 | {{- if .Values.controller.extraEnvs }} |
| 153 | {{- toYaml .Values.controller.extraEnvs | nindent 12 }} |
| 154 | {{- end }} |
| 155 | {{- if .Values.controller.startupProbe }} |
| 156 | startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} |
| 157 | {{- end }} |
| 158 | livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} |
| 159 | readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} |
| 160 | ports: |
| 161 | {{- range $key, $value := .Values.controller.containerPort }} |
| 162 | - name: {{ $key }} |
| 163 | containerPort: {{ $value }} |
| 164 | protocol: TCP |
| 165 | {{- if $.Values.controller.hostPort.enabled }} |
| 166 | hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} |
| 167 | {{- end }} |
| 168 | {{- end }} |
| 169 | {{- if .Values.controller.metrics.enabled }} |
| 170 | - name: metrics |
| 171 | containerPort: {{ .Values.controller.metrics.port }} |
| 172 | protocol: TCP |
| 173 | {{- end }} |
| 174 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 175 | - name: webhook |
| 176 | containerPort: {{ .Values.controller.admissionWebhooks.port }} |
| 177 | protocol: TCP |
| 178 | {{- end }} |
| 179 | {{- range $key, $value := .Values.tcp }} |
| 180 | - name: {{ $key }}-tcp |
| 181 | containerPort: {{ $key }} |
| 182 | protocol: TCP |
| 183 | {{- if $.Values.controller.hostPort.enabled }} |
| 184 | hostPort: {{ $key }} |
| 185 | {{- end }} |
| 186 | {{- end }} |
| 187 | {{- range $key, $value := .Values.udp }} |
| 188 | - name: {{ $key }}-udp |
| 189 | containerPort: {{ $key }} |
| 190 | protocol: UDP |
| 191 | {{- if $.Values.controller.hostPort.enabled }} |
| 192 | hostPort: {{ $key }} |
| 193 | {{- end }} |
| 194 | {{- end }} |
| 195 | {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled) }} |
| 196 | volumeMounts: |
| 197 | {{- if .Values.controller.customTemplate.configMapName }} |
| 198 | - mountPath: /etc/nginx/template |
| 199 | name: nginx-template-volume |
| 200 | readOnly: true |
| 201 | {{- end }} |
| 202 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 203 | - name: webhook-cert |
| 204 | mountPath: /usr/local/certificates/ |
| 205 | readOnly: true |
| 206 | {{- end }} |
| 207 | {{- if .Values.controller.extraVolumeMounts }} |
| 208 | {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} |
| 209 | {{- end }} |
| 210 | {{- end }} |
| 211 | {{- if .Values.controller.resources }} |
| 212 | resources: {{ toYaml .Values.controller.resources | nindent 12 }} |
| 213 | {{- end }} |
| 214 | {{- if .Values.controller.extraContainers }} |
| 215 | {{ toYaml .Values.controller.extraContainers | nindent 8 }} |
| 216 | {{- end }} |
| 217 | {{- if .Values.controller.extraInitContainers }} |
| 218 | initContainers: {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} |
| 219 | {{- end }} |
| 220 | {{- if .Values.controller.hostNetwork }} |
| 221 | hostNetwork: {{ .Values.controller.hostNetwork }} |
| 222 | {{- end }} |
| 223 | {{- if .Values.controller.nodeSelector }} |
| 224 | nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} |
| 225 | {{- end }} |
| 226 | {{- if .Values.controller.tolerations }} |
| 227 | tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} |
| 228 | {{- end }} |
| 229 | {{- if .Values.controller.affinity }} |
| 230 | affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} |
| 231 | {{- end }} |
| 232 | {{- if .Values.controller.topologySpreadConstraints }} |
| 233 | topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }} |
| 234 | {{- end }} |
| 235 | serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} |
| 236 | terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} |
| 237 | {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes) }} |
| 238 | volumes: |
| 239 | {{- if .Values.controller.customTemplate.configMapName }} |
| 240 | - name: nginx-template-volume |
| 241 | configMap: |
| 242 | name: {{ .Values.controller.customTemplate.configMapName }} |
| 243 | items: |
| 244 | - key: {{ .Values.controller.customTemplate.configMapKey }} |
| 245 | path: nginx.tmpl |
| 246 | {{- end }} |
| 247 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 248 | - name: webhook-cert |
| 249 | secret: |
| 250 | secretName: {{ include "ingress-nginx.fullname" . }}-admission |
| 251 | {{- end }} |
| 252 | {{- if .Values.controller.extraVolumes }} |
| 253 | {{ toYaml .Values.controller.extraVolumes | nindent 8 }} |
| 254 | {{- end }} |
| 255 | {{- end }} |
| 256 | {{- end }} |