851 lines
35 KiB
Smarty
851 lines
35 KiB
Smarty
|
{{- define "traefik.podTemplate" }}
|
||
|
{{- $version := include "imageVersion" $ }}
|
||
|
metadata:
|
||
|
annotations:
|
||
|
{{- if .Values.deployment.podAnnotations }}
|
||
|
{{- tpl (toYaml .Values.deployment.podAnnotations) . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.metrics }}
|
||
|
{{- if and (.Values.metrics.prometheus) (not (.Values.metrics.prometheus.serviceMonitor).enabled) }}
|
||
|
prometheus.io/scrape: "true"
|
||
|
prometheus.io/path: "/metrics"
|
||
|
prometheus.io/port: {{ quote (index .Values.ports .Values.metrics.prometheus.entryPoint).port }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
labels:
|
||
|
{{- include "traefik.labels" . | nindent 8 -}}
|
||
|
{{- with .Values.deployment.podLabels }}
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
spec:
|
||
|
{{- with .Values.deployment.imagePullSecrets }}
|
||
|
imagePullSecrets:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
serviceAccountName: {{ include "traefik.serviceAccountName" . }}
|
||
|
automountServiceAccountToken: true
|
||
|
terminationGracePeriodSeconds: {{ default 60 .Values.deployment.terminationGracePeriodSeconds }}
|
||
|
hostNetwork: {{ .Values.hostNetwork }}
|
||
|
{{- with .Values.deployment.dnsPolicy }}
|
||
|
dnsPolicy: {{ . }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.deployment.dnsConfig }}
|
||
|
dnsConfig:
|
||
|
{{- if .searches }}
|
||
|
searches:
|
||
|
{{- toYaml .searches | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- if .nameservers }}
|
||
|
nameservers:
|
||
|
{{- toYaml .nameservers | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- if .options }}
|
||
|
options:
|
||
|
{{- toYaml .options | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.deployment.hostAliases }}
|
||
|
hostAliases: {{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.deployment.initContainers }}
|
||
|
initContainers:
|
||
|
{{- toYaml . | nindent 6 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.deployment.shareProcessNamespace }}
|
||
|
shareProcessNamespace: true
|
||
|
{{- end }}
|
||
|
{{- with .Values.deployment.runtimeClassName }}
|
||
|
runtimeClassName: {{ . }}
|
||
|
{{- end }}
|
||
|
containers:
|
||
|
- image: {{ template "traefik.image-name" . }}
|
||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||
|
name: {{ template "traefik.fullname" . }}
|
||
|
resources:
|
||
|
{{- with .Values.resources }}
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- if (and (empty .Values.ports.traefik) (empty .Values.deployment.healthchecksPort)) }}
|
||
|
{{- fail "ERROR: When disabling traefik port, you need to specify `deployment.healthchecksPort`" }}
|
||
|
{{- end }}
|
||
|
{{- $healthchecksPort := (default (.Values.ports.traefik).port .Values.deployment.healthchecksPort) }}
|
||
|
{{- $healthchecksHost := (default (.Values.ports.traefik).hostIP .Values.deployment.healthchecksHost) }}
|
||
|
{{- $healthchecksScheme := (default "HTTP" .Values.deployment.healthchecksScheme) }}
|
||
|
{{- $readinessPath := (default "/ping" .Values.deployment.readinessPath) }}
|
||
|
{{- $livenessPath := (default "/ping" .Values.deployment.livenessPath) }}
|
||
|
readinessProbe:
|
||
|
httpGet:
|
||
|
{{- with $healthchecksHost }}
|
||
|
host: {{ . }}
|
||
|
{{- end }}
|
||
|
path: {{ $readinessPath }}
|
||
|
port: {{ $healthchecksPort }}
|
||
|
scheme: {{ $healthchecksScheme }}
|
||
|
{{- toYaml .Values.readinessProbe | nindent 10 }}
|
||
|
livenessProbe:
|
||
|
httpGet:
|
||
|
{{- with $healthchecksHost }}
|
||
|
host: {{ . }}
|
||
|
{{- end }}
|
||
|
path: {{ $livenessPath }}
|
||
|
port: {{ $healthchecksPort }}
|
||
|
scheme: {{ $healthchecksScheme }}
|
||
|
{{- toYaml .Values.livenessProbe | nindent 10 }}
|
||
|
{{- with .Values.startupProbe}}
|
||
|
startupProbe:
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
lifecycle:
|
||
|
{{- with .Values.deployment.lifecycle }}
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
ports:
|
||
|
{{- $hostNetwork := .Values.hostNetwork }}
|
||
|
{{- range $name, $config := .Values.ports }}
|
||
|
{{- if $config }}
|
||
|
{{- if and $hostNetwork (and $config.hostPort $config.port) }}
|
||
|
{{- if ne ($config.hostPort | int) ($config.port | int) }}
|
||
|
{{- fail "ERROR: All hostPort must match their respective containerPort when `hostNetwork` is enabled" }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
- name: {{ $name | quote }}
|
||
|
containerPort: {{ default $config.port $config.containerPort }}
|
||
|
{{- if $config.hostPort }}
|
||
|
hostPort: {{ $config.hostPort }}
|
||
|
{{- end }}
|
||
|
{{- if $config.hostIP }}
|
||
|
hostIP: {{ $config.hostIP }}
|
||
|
{{- end }}
|
||
|
protocol: {{ default "TCP" $config.protocol | quote }}
|
||
|
{{- if ($config.http3).enabled }}
|
||
|
- name: "{{ $name }}-http3"
|
||
|
containerPort: {{ $config.port }}
|
||
|
{{- if $config.hostPort }}
|
||
|
hostPort: {{ default $config.hostPort $config.http3.advertisedPort }}
|
||
|
{{- end }}
|
||
|
protocol: UDP
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.hub.token }}
|
||
|
{{- $listenAddr := default ":9943" .Values.hub.apimanagement.admission.listenAddr }}
|
||
|
- name: admission
|
||
|
containerPort: {{ last (mustRegexSplit ":" $listenAddr 2) }}
|
||
|
protocol: TCP
|
||
|
{{- if .Values.hub.apimanagement.enabled }}
|
||
|
- name: apiportal
|
||
|
containerPort: 9903
|
||
|
protocol: TCP
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.securityContext }}
|
||
|
securityContext:
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
volumeMounts:
|
||
|
- name: {{ .Values.persistence.name }}
|
||
|
mountPath: {{ .Values.persistence.path }}
|
||
|
{{- if .Values.persistence.subPath }}
|
||
|
subPath: {{ .Values.persistence.subPath }}
|
||
|
{{- end }}
|
||
|
- name: tmp
|
||
|
mountPath: /tmp
|
||
|
{{- $root := . }}
|
||
|
{{- range .Values.volumes }}
|
||
|
- name: {{ tpl (.name) $root | replace "." "-" }}
|
||
|
mountPath: {{ .mountPath }}
|
||
|
readOnly: true
|
||
|
{{- end }}
|
||
|
{{- if gt (len .Values.experimental.plugins) 0 }}
|
||
|
- name: plugins
|
||
|
mountPath: "/plugins-storage"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.file.enabled }}
|
||
|
- name: traefik-extra-config
|
||
|
mountPath: "/etc/traefik/dynamic"
|
||
|
{{- end }}
|
||
|
{{- if .Values.additionalVolumeMounts }}
|
||
|
{{- toYaml .Values.additionalVolumeMounts | nindent 10 }}
|
||
|
{{- end }}
|
||
|
args:
|
||
|
{{- with .Values.globalArguments }}
|
||
|
{{- range . }}
|
||
|
- {{ . | quote }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- range $name, $config := .Values.ports }}
|
||
|
{{- if $config }}
|
||
|
- "--entryPoints.{{$name}}.address={{ $config.hostIP }}:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
|
||
|
{{- with $config.asDefault }}
|
||
|
- "--entryPoints.{{$name}}.asDefault={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
- "--api.dashboard=true"
|
||
|
- "--ping=true"
|
||
|
|
||
|
{{- with .Values.core }}
|
||
|
{{- with .defaultRuleSyntax }}
|
||
|
- "--core.defaultRuleSyntax={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- if .Values.metrics }}
|
||
|
{{- if .Values.metrics.addInternals }}
|
||
|
- "--metrics.addinternals"
|
||
|
{{- end }}
|
||
|
{{- with .Values.metrics.datadog }}
|
||
|
- "--metrics.datadog=true"
|
||
|
{{- with .address }}
|
||
|
- "--metrics.datadog.address={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .pushInterval }}
|
||
|
- "--metrics.datadog.pushInterval={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .prefix }}
|
||
|
- "--metrics.datadog.prefix={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- if ne .addRoutersLabels nil }}
|
||
|
{{- with .addRoutersLabels | toString }}
|
||
|
- "--metrics.datadog.addRoutersLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .addEntryPointsLabels nil }}
|
||
|
{{- with .addEntryPointsLabels | toString }}
|
||
|
- "--metrics.datadog.addEntryPointsLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .addServicesLabels nil }}
|
||
|
{{- with .addServicesLabels | toString }}
|
||
|
- "--metrics.datadog.addServicesLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- with .Values.metrics.influxdb2 }}
|
||
|
- "--metrics.influxdb2=true"
|
||
|
- "--metrics.influxdb2.address={{ .address }}"
|
||
|
- "--metrics.influxdb2.token={{ .token }}"
|
||
|
- "--metrics.influxdb2.org={{ .org }}"
|
||
|
- "--metrics.influxdb2.bucket={{ .bucket }}"
|
||
|
{{- with .pushInterval }}
|
||
|
- "--metrics.influxdb2.pushInterval={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- range $name, $value := .additionalLabels }}
|
||
|
- "--metrics.influxdb2.additionalLabels.{{ $name }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- if ne .addRoutersLabels nil }}
|
||
|
{{- with .addRoutersLabels | toString }}
|
||
|
- "--metrics.influxdb2.addRoutersLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .addEntryPointsLabels nil }}
|
||
|
{{- with .addEntryPointsLabels | toString }}
|
||
|
- "--metrics.influxdb2.addEntryPointsLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .addServicesLabels nil }}
|
||
|
{{- with .addServicesLabels | toString }}
|
||
|
- "--metrics.influxdb2.addServicesLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if (.Values.metrics.prometheus) }}
|
||
|
- "--metrics.prometheus=true"
|
||
|
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
|
||
|
{{- if (eq (.Values.metrics.prometheus.addRoutersLabels | toString) "true") }}
|
||
|
- "--metrics.prometheus.addRoutersLabels=true"
|
||
|
{{- end }}
|
||
|
{{- if ne .Values.metrics.prometheus.addEntryPointsLabels nil }}
|
||
|
{{- with .Values.metrics.prometheus.addEntryPointsLabels | toString }}
|
||
|
- "--metrics.prometheus.addEntryPointsLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .Values.metrics.prometheus.addServicesLabels nil }}
|
||
|
{{- with .Values.metrics.prometheus.addServicesLabels| toString }}
|
||
|
- "--metrics.prometheus.addServicesLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.metrics.prometheus.buckets }}
|
||
|
- "--metrics.prometheus.buckets={{ .Values.metrics.prometheus.buckets }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.metrics.prometheus.manualRouting }}
|
||
|
- "--metrics.prometheus.manualrouting=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.metrics.statsd }}
|
||
|
- "--metrics.statsd=true"
|
||
|
- "--metrics.statsd.address={{ .address }}"
|
||
|
{{- with .pushInterval }}
|
||
|
- "--metrics.statsd.pushInterval={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .prefix }}
|
||
|
- "--metrics.statsd.prefix={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- if .addRoutersLabels}}
|
||
|
- "--metrics.statsd.addRoutersLabels=true"
|
||
|
{{- end }}
|
||
|
{{- if ne .addEntryPointsLabels nil }}
|
||
|
{{- with .addEntryPointsLabels | toString }}
|
||
|
- "--metrics.statsd.addEntryPointsLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .addServicesLabels nil }}
|
||
|
{{- with .addServicesLabels | toString }}
|
||
|
- "--metrics.statsd.addServicesLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- end }}
|
||
|
|
||
|
{{- with .Values.metrics.otlp }}
|
||
|
{{- if .enabled }}
|
||
|
- "--metrics.otlp=true"
|
||
|
{{- if ne .addEntryPointsLabels nil }}
|
||
|
{{- with .addEntryPointsLabels | toString }}
|
||
|
- "--metrics.otlp.addEntryPointsLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .addRoutersLabels nil }}
|
||
|
{{- with .addRoutersLabels | toString }}
|
||
|
- "--metrics.otlp.addRoutersLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if ne .addServicesLabels nil }}
|
||
|
{{- with .addServicesLabels | toString }}
|
||
|
- "--metrics.otlp.addServicesLabels={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .explicitBoundaries }}
|
||
|
- "--metrics.otlp.explicitBoundaries={{ join "," . }}"
|
||
|
{{- end }}
|
||
|
{{- with .pushInterval }}
|
||
|
- "--metrics.otlp.pushInterval={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .http }}
|
||
|
{{- if .enabled }}
|
||
|
- "--metrics.otlp.http=true"
|
||
|
{{- with .endpoint }}
|
||
|
- "--metrics.otlp.http.endpoint={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- range $name, $value := .headers }}
|
||
|
- "--metrics.otlp.http.headers.{{ $name }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- with .tls }}
|
||
|
{{- with .ca }}
|
||
|
- "--metrics.otlp.http.tls.ca={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .cert }}
|
||
|
- "--metrics.otlp.http.tls.cert={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .key }}
|
||
|
- "--metrics.otlp.http.tls.key={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .insecureSkipVerify }}
|
||
|
- "--metrics.otlp.http.tls.insecureSkipVerify={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .grpc }}
|
||
|
{{- if .enabled }}
|
||
|
- "--metrics.otlp.grpc=true"
|
||
|
{{- with .endpoint }}
|
||
|
- "--metrics.otlp.grpc.endpoint={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .insecure }}
|
||
|
- "--metrics.otlp.grpc.insecure={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- range $name, $value := .headers }}
|
||
|
- "--metrics.otlp.grpc.headers.{{ $name }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- with .tls }}
|
||
|
{{- with .ca }}
|
||
|
- "--metrics.otlp.grpc.tls.ca={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .cert }}
|
||
|
- "--metrics.otlp.grpc.tls.cert={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .key }}
|
||
|
- "--metrics.otlp.grpc.tls.key={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .insecureSkipVerify }}
|
||
|
- "--metrics.otlp.grpc.tls.insecureSkipVerify={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- if .Values.tracing.addInternals }}
|
||
|
- "--tracing.addinternals"
|
||
|
{{- end }}
|
||
|
|
||
|
{{- with .Values.tracing.otlp }}
|
||
|
{{- if .enabled }}
|
||
|
- "--tracing.otlp=true"
|
||
|
{{- with .http }}
|
||
|
{{- if .enabled }}
|
||
|
- "--tracing.otlp.http=true"
|
||
|
{{- with .endpoint }}
|
||
|
- "--tracing.otlp.http.endpoint={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- range $name, $value := .headers }}
|
||
|
- "--tracing.otlp.http.headers.{{ $name }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- with .tls }}
|
||
|
{{- with .ca }}
|
||
|
- "--tracing.otlp.http.tls.ca={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .cert }}
|
||
|
- "--tracing.otlp.http.tls.cert={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .key }}
|
||
|
- "--tracing.otlp.http.tls.key={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .insecureSkipVerify }}
|
||
|
- "--tracing.otlp.http.tls.insecureSkipVerify={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .grpc }}
|
||
|
{{- if .enabled }}
|
||
|
- "--tracing.otlp.grpc=true"
|
||
|
{{- with .endpoint }}
|
||
|
- "--tracing.otlp.grpc.endpoint={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .insecure }}
|
||
|
- "--tracing.otlp.grpc.insecure={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- range $name, $value := .headers }}
|
||
|
- "--tracing.otlp.grpc.headers.{{ $name }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- with .tls }}
|
||
|
{{- with .ca }}
|
||
|
- "--tracing.otlp.grpc.tls.ca={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .cert }}
|
||
|
- "--tracing.otlp.grpc.tls.cert={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .key }}
|
||
|
- "--tracing.otlp.grpc.tls.key={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .insecureSkipVerify }}
|
||
|
- "--tracing.otlp.grpc.tls.insecureSkipVerify={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- range $pluginName, $plugin := .Values.experimental.plugins }}
|
||
|
{{- if or (ne (typeOf $plugin) "map[string]interface {}") (not (hasKey $plugin "moduleName")) (not (hasKey $plugin "version")) }}
|
||
|
{{- fail (printf "ERROR: plugin %s is missing moduleName/version keys !" $pluginName) }}
|
||
|
{{- end }}
|
||
|
- "--experimental.plugins.{{ $pluginName }}.moduleName={{ $plugin.moduleName }}"
|
||
|
- "--experimental.plugins.{{ $pluginName }}.version={{ $plugin.version }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||
|
- "--providers.kubernetescrd"
|
||
|
{{- if .Values.providers.kubernetesCRD.labelSelector }}
|
||
|
- "--providers.kubernetescrd.labelSelector={{ .Values.providers.kubernetesCRD.labelSelector }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.ingressClass }}
|
||
|
- "--providers.kubernetescrd.ingressClass={{ .Values.providers.kubernetesCRD.ingressClass }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.allowCrossNamespace }}
|
||
|
- "--providers.kubernetescrd.allowCrossNamespace=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.allowExternalNameServices }}
|
||
|
- "--providers.kubernetescrd.allowExternalNameServices=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.allowEmptyServices }}
|
||
|
- "--providers.kubernetescrd.allowEmptyServices=true"
|
||
|
{{- end }}
|
||
|
{{- if and .Values.rbac.namespaced (semverCompare ">=3.1.2-0" $version) }}
|
||
|
- "--providers.kubernetescrd.disableClusterScopeResources=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.nativeLBByDefault }}
|
||
|
- "--providers.kubernetescrd.nativeLBByDefault=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||
|
- "--providers.kubernetesingress"
|
||
|
{{- if .Values.providers.kubernetesIngress.allowExternalNameServices }}
|
||
|
- "--providers.kubernetesingress.allowExternalNameServices=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.allowEmptyServices }}
|
||
|
- "--providers.kubernetesingress.allowEmptyServices=true"
|
||
|
{{- end }}
|
||
|
{{- if and .Values.service.enabled .Values.providers.kubernetesIngress.publishedService.enabled }}
|
||
|
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.labelSelector }}
|
||
|
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.ingressClass }}
|
||
|
- "--providers.kubernetesingress.ingressClass={{ .Values.providers.kubernetesIngress.ingressClass }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.rbac.namespaced }}
|
||
|
{{- if semverCompare "<3.1.5-0" $version }}
|
||
|
- "--providers.kubernetesingress.disableIngressClassLookup=true"
|
||
|
{{- if semverCompare ">=3.1.2-0" $version }}
|
||
|
- "--providers.kubernetesingress.disableClusterScopeResources=true"
|
||
|
{{- end }}
|
||
|
{{- else }}
|
||
|
- "--providers.kubernetesingress.disableClusterScopeResources=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.nativeLBByDefault }}
|
||
|
- "--providers.kubernetesingress.nativeLBByDefault=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.experimental.kubernetesGateway.enabled }}
|
||
|
- "--experimental.kubernetesgateway"
|
||
|
{{- end }}
|
||
|
{{- with .Values.providers.kubernetesCRD }}
|
||
|
{{- if (and .enabled (or .namespaces (and $.Values.rbac.enabled $.Values.rbac.namespaced))) }}
|
||
|
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" $ }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.providers.kubernetesGateway }}
|
||
|
{{- if .enabled }}
|
||
|
- "--providers.kubernetesgateway"
|
||
|
{{- with .statusAddress }}
|
||
|
{{- with .ip }}
|
||
|
- "--providers.kubernetesgateway.statusaddress.ip={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .hostname }}
|
||
|
- "--providers.kubernetesgateway.statusaddress.hostname={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .service }}
|
||
|
- "--providers.kubernetesgateway.statusaddress.service.name={{ tpl .name $ }}"
|
||
|
- "--providers.kubernetesgateway.statusaddress.service.namespace={{ tpl .namespace $ }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if or .namespaces (and $.Values.rbac.enabled $.Values.rbac.namespaced) }}
|
||
|
- "--providers.kubernetesgateway.namespaces={{ template "providers.kubernetesGateway.namespaces" $ }}"
|
||
|
{{- end }}
|
||
|
{{- if .experimentalChannel }}
|
||
|
- "--providers.kubernetesgateway.experimentalchannel=true"
|
||
|
{{- end }}
|
||
|
{{- with .labelselector }}
|
||
|
- "--providers.kubernetesgateway.labelselector={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.providers.kubernetesIngress }}
|
||
|
{{- if (and .enabled (or .namespaces (and $.Values.rbac.enabled $.Values.rbac.namespaced))) }}
|
||
|
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" $ }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.providers.file }}
|
||
|
{{- if .enabled }}
|
||
|
- "--providers.file.directory=/etc/traefik/dynamic"
|
||
|
{{- if .watch }}
|
||
|
- "--providers.file.watch=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- range $entrypoint, $config := $.Values.ports }}
|
||
|
{{- if $config }}
|
||
|
{{- if $config.redirectTo }}
|
||
|
{{- $toPort := index $.Values.ports $config.redirectTo.port }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}"
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||
|
{{- if $config.redirectTo.priority }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.priority={{ $config.redirectTo.priority }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.redirectTo.permanent }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.redirections.entryPoint.permanent=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if $config.middlewares }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.middlewares={{ join "," $config.middlewares }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.tls }}
|
||
|
{{- if $config.tls.enabled }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.tls=true"
|
||
|
{{- if $config.tls.options }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.tls.certResolver }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.tls.domains }}
|
||
|
{{- range $index, $domain := $config.tls.domains }}
|
||
|
{{- if $domain.main }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
|
||
|
{{- end }}
|
||
|
{{- if $domain.sans }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if $config.http3 }}
|
||
|
{{- if $config.http3.enabled }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http3"
|
||
|
{{- if $config.http3.advertisedPort }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.http3.advertisedPort={{ $config.http3.advertisedPort }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if $config.allowACMEByPass }}
|
||
|
{{- if (semverCompare "<3.1.3-0" $version) }}
|
||
|
{{- fail "ERROR: allowACMEByPass has been introduced with Traefik v3.1.3+" -}}
|
||
|
{{- end }}
|
||
|
- "--entryPoints.name.allowACMEByPass=true"
|
||
|
{{- end }}
|
||
|
{{- if $config.forwardedHeaders }}
|
||
|
{{- if $config.forwardedHeaders.trustedIPs }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.forwardedHeaders.insecure }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.forwardedHeaders.insecure"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if $config.proxyProtocol }}
|
||
|
{{- if $config.proxyProtocol.trustedIPs }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.proxyProtocol.insecure }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.proxyProtocol.insecure"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with $config.transport }}
|
||
|
{{- with .respondingTimeouts }}
|
||
|
{{- if and (ne .readTimeout nil) (toString .readTimeout) }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.readTimeout={{ .readTimeout }}"
|
||
|
{{- end }}
|
||
|
{{- if and (ne .writeTimeout nil) (toString .writeTimeout) }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.writeTimeout={{ .writeTimeout }}"
|
||
|
{{- end }}
|
||
|
{{- if and (ne .idleTimeout nil) (toString .idleTimeout) }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.transport.respondingTimeouts.idleTimeout={{ .idleTimeout }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .lifeCycle }}
|
||
|
{{- if and (ne .requestAcceptGraceTimeout nil) (toString .requestAcceptGraceTimeout) }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.transport.lifeCycle.requestAcceptGraceTimeout={{ .requestAcceptGraceTimeout }}"
|
||
|
{{- end }}
|
||
|
{{- if and (ne .graceTimeOut nil) (toString .graceTimeOut) }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.transport.lifeCycle.graceTimeOut={{ .graceTimeOut }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if and (ne .keepAliveMaxRequests nil) (toString .keepAliveMaxRequests) }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.transport.keepAliveMaxRequests={{ .keepAliveMaxRequests }}"
|
||
|
{{- end }}
|
||
|
{{- if and (ne .keepAliveMaxTime nil) (toString .keepAliveMaxTime) }}
|
||
|
- "--entryPoints.{{ $entrypoint }}.transport.keepAliveMaxTime={{ .keepAliveMaxTime }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.logs }}
|
||
|
{{- if and .general.format (not (has .general.format (list "common" "json"))) }}
|
||
|
{{- fail "ERROR: .Values.logs.general.format must be either common or json" }}
|
||
|
{{- end }}
|
||
|
{{- with .general.format }}
|
||
|
- "--log.format={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .general.filePath }}
|
||
|
- "--log.filePath={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- if and (or (eq .general.format "common") (not .general.format)) (eq .general.noColor true) }}
|
||
|
- "--log.noColor={{ .general.noColor }}"
|
||
|
{{- end }}
|
||
|
{{- with .general.level }}
|
||
|
- "--log.level={{ . | upper }}"
|
||
|
{{- end }}
|
||
|
{{- if .access.enabled }}
|
||
|
- "--accesslog=true"
|
||
|
{{- with .access.format }}
|
||
|
- "--accesslog.format={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .access.filePath }}
|
||
|
- "--accesslog.filepath={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- if .access.addInternals }}
|
||
|
- "--accesslog.addinternals"
|
||
|
{{- end }}
|
||
|
{{- with .access.bufferingSize }}
|
||
|
- "--accesslog.bufferingsize={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- with .access.filters }}
|
||
|
{{- with .statuscodes }}
|
||
|
- "--accesslog.filters.statuscodes={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- if .retryattempts }}
|
||
|
- "--accesslog.filters.retryattempts"
|
||
|
{{- end }}
|
||
|
{{- with .minduration }}
|
||
|
- "--accesslog.filters.minduration={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
|
||
|
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
|
||
|
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
|
||
|
{{- end }}
|
||
|
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
|
||
|
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
|
||
|
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- include "traefik.yaml2CommandLineArgs" (dict "path" "certificatesresolvers" "content" $.Values.certificatesResolvers) | nindent 10 }}
|
||
|
{{- with .Values.additionalArguments }}
|
||
|
{{- range . }}
|
||
|
- {{ . | quote }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.hub }}
|
||
|
{{- if .token }}
|
||
|
- "--hub.token=$(HUB_TOKEN)"
|
||
|
{{- if and (not .apimanagement.enabled) ($.Values.hub.apimanagement.admission.listenAddr) }}
|
||
|
{{- fail "ERROR: Cannot configure admission without enabling hub.apimanagement" }}
|
||
|
{{- end }}
|
||
|
{{- with .apimanagement }}
|
||
|
{{- if .enabled }}
|
||
|
{{- $listenAddr := default ":9943" .admission.listenAddr }}
|
||
|
- "--hub.apimanagement"
|
||
|
- "--hub.apimanagement.admission.listenAddr={{ $listenAddr }}"
|
||
|
{{- with .admission.secretName }}
|
||
|
- "--hub.apimanagement.admission.secretName={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .platformUrl }}
|
||
|
- "--hub.platformUrl={{ . }}"
|
||
|
{{- end -}}
|
||
|
{{- range $field, $value := .redis }}
|
||
|
{{- if has $field (list "cluster" "database" "endpoints" "username" "password" "timeout") -}}
|
||
|
{{- with $value }}
|
||
|
- "--hub.redis.{{ $field }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- range $field, $value := .redis.sentinel }}
|
||
|
{{- if has $field (list "masterset" "password" "username") -}}
|
||
|
{{- with $value }}
|
||
|
- "--hub.redis.sentinel.{{ $field }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- range $field, $value := .redis.tls }}
|
||
|
{{- if has $field (list "ca" "cert" "insecureSkipVerify" "key") -}}
|
||
|
{{- with $value }}
|
||
|
- "--hub.redis.tls.{{ $field }}={{ $value }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .sendlogs }}
|
||
|
- "--hub.sendlogs={{ . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
env:
|
||
|
- name: POD_NAME
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.name
|
||
|
- name: POD_NAMESPACE
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.namespace
|
||
|
{{- if ($.Values.resources.limits).cpu }}
|
||
|
- name: GOMAXPROCS
|
||
|
valueFrom:
|
||
|
resourceFieldRef:
|
||
|
resource: limits.cpu
|
||
|
divisor: '1'
|
||
|
{{- end }}
|
||
|
{{- if ($.Values.resources.limits).memory }}
|
||
|
- name: GOMEMLIMIT
|
||
|
valueFrom:
|
||
|
resourceFieldRef:
|
||
|
resource: limits.memory
|
||
|
divisor: '1'
|
||
|
{{- end }}
|
||
|
{{- with .Values.hub.token }}
|
||
|
- name: HUB_TOKEN
|
||
|
valueFrom:
|
||
|
secretKeyRef:
|
||
|
name: {{ . }}
|
||
|
key: token
|
||
|
{{- end }}
|
||
|
{{- with .Values.env }}
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.envFrom }}
|
||
|
envFrom:
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.deployment.additionalContainers }}
|
||
|
{{- toYaml .Values.deployment.additionalContainers | nindent 6 }}
|
||
|
{{- end }}
|
||
|
volumes:
|
||
|
- name: {{ .Values.persistence.name }}
|
||
|
{{- if .Values.persistence.enabled }}
|
||
|
persistentVolumeClaim:
|
||
|
claimName: {{ default (include "traefik.fullname" .) .Values.persistence.existingClaim }}
|
||
|
{{- else }}
|
||
|
emptyDir: {}
|
||
|
{{- end }}
|
||
|
- name: tmp
|
||
|
emptyDir: {}
|
||
|
{{- $root := . }}
|
||
|
{{- range .Values.volumes }}
|
||
|
- name: {{ tpl (.name) $root | replace "." "-" }}
|
||
|
{{- if eq .type "secret" }}
|
||
|
secret:
|
||
|
secretName: {{ tpl (.name) $root }}
|
||
|
{{- else if eq .type "configMap" }}
|
||
|
configMap:
|
||
|
name: {{ tpl (.name) $root }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.deployment.additionalVolumes }}
|
||
|
{{- toYaml .Values.deployment.additionalVolumes | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if gt (len .Values.experimental.plugins) 0 }}
|
||
|
- name: plugins
|
||
|
emptyDir: {}
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.file.enabled }}
|
||
|
- name: traefik-extra-config
|
||
|
configMap:
|
||
|
name: {{ template "traefik.fullname" . }}-file-provider
|
||
|
{{- end }}
|
||
|
{{- if .Values.affinity }}
|
||
|
affinity:
|
||
|
{{- tpl (toYaml .Values.affinity) . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.tolerations }}
|
||
|
tolerations:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.nodeSelector }}
|
||
|
nodeSelector:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.priorityClassName }}
|
||
|
priorityClassName: {{ .Values.priorityClassName }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.podSecurityContext }}
|
||
|
securityContext:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.topologySpreadConstraints }}
|
||
|
{{- if (semverCompare "<1.19.0-0" .Capabilities.KubeVersion.Version) }}
|
||
|
{{- fail "ERROR: topologySpreadConstraints are supported only on kubernetes >= v1.19" -}}
|
||
|
{{- end }}
|
||
|
topologySpreadConstraints:
|
||
|
{{- tpl (toYaml .Values.topologySpreadConstraints) . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{ end -}}
|