| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 1 | {{- if or (eq .Values.controller.kind "DaemonSet") (eq .Values.controller.kind "Both") -}} |
| 2 | {{- include "isControllerTagValid" . -}} |
| 3 | apiVersion: apps/v1 |
| 4 | kind: DaemonSet |
| 5 | metadata: |
| 6 | labels: |
| 7 | {{- include "ingress-nginx.labels" . | nindent 4 }} |
| 8 | app.kubernetes.io/component: controller |
| 9 | {{- with .Values.controller.labels }} |
| 10 | {{- toYaml . | nindent 4 }} |
| 11 | {{- end }} |
| 12 | name: {{ include "ingress-nginx.controller.fullname" . }} |
| 13 | namespace: {{ .Release.Namespace }} |
| 14 | {{- if .Values.controller.annotations }} |
| 15 | annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} |
| 16 | {{- end }} |
| 17 | spec: |
| 18 | selector: |
| 19 | matchLabels: |
| 20 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} |
| 21 | app.kubernetes.io/component: controller |
| 22 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} |
| 23 | {{- if .Values.controller.updateStrategy }} |
| 24 | updateStrategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }} |
| 25 | {{- end }} |
| 26 | minReadySeconds: {{ .Values.controller.minReadySeconds }} |
| 27 | template: |
| 28 | metadata: |
| 29 | {{- if .Values.controller.podAnnotations }} |
| 30 | annotations: |
| 31 | {{- range $key, $value := .Values.controller.podAnnotations }} |
| 32 | {{ $key }}: {{ $value | quote }} |
| 33 | {{- end }} |
| 34 | {{- end }} |
| 35 | labels: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 36 | {{- include "ingress-nginx.labels" . | nindent 8 }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 37 | app.kubernetes.io/component: controller |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 38 | {{- with .Values.controller.labels }} |
| 39 | {{- toYaml . | nindent 8 }} |
| 40 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 41 | {{- if .Values.controller.podLabels }} |
| 42 | {{- toYaml .Values.controller.podLabels | nindent 8 }} |
| 43 | {{- end }} |
| 44 | spec: |
| 45 | {{- if .Values.controller.dnsConfig }} |
| 46 | dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} |
| 47 | {{- end }} |
| 48 | {{- if .Values.controller.hostname }} |
| 49 | hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} |
| 50 | {{- end }} |
| 51 | dnsPolicy: {{ .Values.controller.dnsPolicy }} |
| 52 | {{- if .Values.imagePullSecrets }} |
| 53 | imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} |
| 54 | {{- end }} |
| 55 | {{- if .Values.controller.priorityClassName }} |
| Giorgi Lekveishvili | 0048a78 | 2023-06-20 18:32:21 +0400 | [diff] [blame] | 56 | priorityClassName: {{ .Values.controller.priorityClassName | quote }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 57 | {{- end }} |
| 58 | {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} |
| 59 | securityContext: |
| 60 | {{- end }} |
| Giorgi Lekveishvili | 0048a78 | 2023-06-20 18:32:21 +0400 | [diff] [blame] | 61 | {{- if .Values.controller.podSecurityContext }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 62 | {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} |
| 63 | {{- end }} |
| 64 | {{- if .Values.controller.sysctls }} |
| 65 | sysctls: |
| 66 | {{- range $sysctl, $value := .Values.controller.sysctls }} |
| 67 | - name: {{ $sysctl | quote }} |
| 68 | value: {{ $value | quote }} |
| 69 | {{- end }} |
| 70 | {{- end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 71 | {{- if .Values.controller.shareProcessNamespace }} |
| 72 | shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} |
| 73 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 74 | containers: |
| 75 | - name: {{ .Values.controller.containerName }} |
| 76 | {{- with .Values.controller.image }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 77 | image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 78 | {{- end }} |
| 79 | imagePullPolicy: {{ .Values.controller.image.pullPolicy }} |
| 80 | {{- if .Values.controller.lifecycle }} |
| 81 | lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} |
| 82 | {{- end }} |
| 83 | args: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 84 | {{- include "ingress-nginx.params" . | nindent 12 }} |
| 85 | securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 86 | env: |
| 87 | - name: POD_NAME |
| 88 | valueFrom: |
| 89 | fieldRef: |
| 90 | fieldPath: metadata.name |
| 91 | - name: POD_NAMESPACE |
| 92 | valueFrom: |
| 93 | fieldRef: |
| 94 | fieldPath: metadata.namespace |
| 95 | {{- if .Values.controller.enableMimalloc }} |
| 96 | - name: LD_PRELOAD |
| 97 | value: /usr/local/lib/libmimalloc.so |
| 98 | {{- end }} |
| 99 | {{- if .Values.controller.extraEnvs }} |
| 100 | {{- toYaml .Values.controller.extraEnvs | nindent 12 }} |
| 101 | {{- end }} |
| 102 | {{- if .Values.controller.startupProbe }} |
| 103 | startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} |
| 104 | {{- end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 105 | {{- if .Values.controller.livenessProbe }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 106 | livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 107 | {{- end }} |
| 108 | {{- if .Values.controller.readinessProbe }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 109 | readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 110 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 111 | ports: |
| 112 | {{- range $key, $value := .Values.controller.containerPort }} |
| 113 | - name: {{ $key }} |
| 114 | containerPort: {{ $value }} |
| 115 | protocol: TCP |
| 116 | {{- if $.Values.controller.hostPort.enabled }} |
| 117 | hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} |
| 118 | {{- end }} |
| 119 | {{- end }} |
| 120 | {{- if .Values.controller.metrics.enabled }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 121 | - name: {{ .Values.controller.metrics.portName }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 122 | containerPort: {{ .Values.controller.metrics.port }} |
| 123 | protocol: TCP |
| 124 | {{- end }} |
| 125 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 126 | - name: webhook |
| 127 | containerPort: {{ .Values.controller.admissionWebhooks.port }} |
| 128 | protocol: TCP |
| 129 | {{- end }} |
| 130 | {{- range $key, $value := .Values.tcp }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 131 | - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 132 | containerPort: {{ $key }} |
| 133 | protocol: TCP |
| 134 | {{- if $.Values.controller.hostPort.enabled }} |
| 135 | hostPort: {{ $key }} |
| 136 | {{- end }} |
| 137 | {{- end }} |
| 138 | {{- range $key, $value := .Values.udp }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 139 | - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 140 | containerPort: {{ $key }} |
| 141 | protocol: UDP |
| 142 | {{- if $.Values.controller.hostPort.enabled }} |
| 143 | hostPort: {{ $key }} |
| 144 | {{- end }} |
| 145 | {{- end }} |
| Giorgi Lekveishvili | 0048a78 | 2023-06-20 18:32:21 +0400 | [diff] [blame] | 146 | {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 147 | volumeMounts: |
| Giorgi Lekveishvili | 0048a78 | 2023-06-20 18:32:21 +0400 | [diff] [blame] | 148 | {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 149 | - name: modules |
| Giorgi Lekveishvili | 0048a78 | 2023-06-20 18:32:21 +0400 | [diff] [blame] | 150 | {{ if .Values.controller.image.chroot }} |
| 151 | mountPath: /chroot/modules_mount |
| 152 | {{ else }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 153 | mountPath: /modules_mount |
| Giorgi Lekveishvili | 0048a78 | 2023-06-20 18:32:21 +0400 | [diff] [blame] | 154 | {{ end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 155 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 156 | {{- if .Values.controller.customTemplate.configMapName }} |
| 157 | - mountPath: /etc/nginx/template |
| 158 | name: nginx-template-volume |
| 159 | readOnly: true |
| 160 | {{- end }} |
| 161 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 162 | - name: webhook-cert |
| 163 | mountPath: /usr/local/certificates/ |
| 164 | readOnly: true |
| 165 | {{- end }} |
| 166 | {{- if .Values.controller.extraVolumeMounts }} |
| 167 | {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} |
| 168 | {{- end }} |
| 169 | {{- end }} |
| 170 | {{- if .Values.controller.resources }} |
| 171 | resources: {{ toYaml .Values.controller.resources | nindent 12 }} |
| 172 | {{- end }} |
| 173 | {{- if .Values.controller.extraContainers }} |
| 174 | {{ toYaml .Values.controller.extraContainers | nindent 8 }} |
| 175 | {{- end }} |
| Giorgi Lekveishvili | 0048a78 | 2023-06-20 18:32:21 +0400 | [diff] [blame] | 176 | {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 177 | initContainers: |
| 178 | {{- if .Values.controller.extraInitContainers }} |
| 179 | {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} |
| 180 | {{- end }} |
| 181 | {{- if .Values.controller.extraModules }} |
| 182 | {{- range .Values.controller.extraModules }} |
| 183 | {{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} |
| 184 | {{ include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | indent 8 }} |
| 185 | {{- end }} |
| 186 | {{- end }} |
| 187 | {{- if .Values.controller.opentelemetry.enabled}} |
| 188 | {{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }} |
| 189 | {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}} |
| 190 | {{- end}} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 191 | {{- end }} |
| 192 | {{- if .Values.controller.hostNetwork }} |
| 193 | hostNetwork: {{ .Values.controller.hostNetwork }} |
| 194 | {{- end }} |
| 195 | {{- if .Values.controller.nodeSelector }} |
| 196 | nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} |
| 197 | {{- end }} |
| 198 | {{- if .Values.controller.tolerations }} |
| 199 | tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} |
| 200 | {{- end }} |
| 201 | {{- if .Values.controller.affinity }} |
| 202 | affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} |
| 203 | {{- end }} |
| 204 | {{- if .Values.controller.topologySpreadConstraints }} |
| 205 | topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }} |
| 206 | {{- end }} |
| 207 | serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} |
| 208 | terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 209 | {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 210 | volumes: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 211 | {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}} |
| 212 | - name: modules |
| 213 | emptyDir: {} |
| 214 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 215 | {{- if .Values.controller.customTemplate.configMapName }} |
| 216 | - name: nginx-template-volume |
| 217 | configMap: |
| 218 | name: {{ .Values.controller.customTemplate.configMapName }} |
| 219 | items: |
| 220 | - key: {{ .Values.controller.customTemplate.configMapKey }} |
| 221 | path: nginx.tmpl |
| 222 | {{- end }} |
| 223 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 224 | - name: webhook-cert |
| 225 | secret: |
| 226 | secretName: {{ include "ingress-nginx.fullname" . }}-admission |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 227 | {{- if .Values.controller.admissionWebhooks.certManager.enabled }} |
| 228 | items: |
| 229 | - key: tls.crt |
| 230 | path: cert |
| 231 | - key: tls.key |
| 232 | path: key |
| 233 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 234 | {{- end }} |
| 235 | {{- if .Values.controller.extraVolumes }} |
| 236 | {{ toYaml .Values.controller.extraVolumes | nindent 8 }} |
| 237 | {{- end }} |
| 238 | {{- end }} |
| 239 | {{- end }} |