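{{- if (eq .Values.controller "traefik") }}
---
# Flux HelmRelease that installs the Traefik chart as a DaemonSet.
# When traefik.logs.metrics is set, a Vector sidecar is added and Traefik
# exports its access logs over OTLP/gRPC to localhost:4317 (presumably the
# sidecar; its listener config lives in the traefik-vector ConfigMap, which is
# not part of this file).
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: traefik
spec:
  chart:
    spec:
      sourceRef:
        kind: HelmRepository
        name: traefik
      chart: traefik
      # NOTE(review): no chart version is set, so Flux follows the newest
      # chart the repository serves. Pin spec.chart.spec.version so upgrades
      # of this ingress controller are deliberate and reviewable.
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    # Turn off the outbound version check and anonymous usage reporting.
    globalArguments:
      - "--global.checknewversion=false"
      - "--global.sendanonymoususage=false"
    deployment:
      enabled: {{ toYaml (not .Values.external) }}
      kind: DaemonSet
      {{- if .Values.hostNetwork }}
      dnsPolicy: ClusterFirstWithHostNet
      {{- end }}
      podAnnotations:
      {{- if .Values.traefik.logs.metrics }}
        # Roll the pods whenever the rendered Vector ConfigMap changes.
        checksum/vector-config: {{ include (print $.Template.BasePath "/traefik/vector/configmap.yaml") $ | sha256sum }}
      {{- if .Values.traefik.logs.geoip.enabled }}
      # Fetches the GeoIP database into the shared "geoip" volume at pod start.
      # NOTE(review): the image has no tag or digest and the download is not
      # integrity-checked; pin the image and verify the file (HTTPS source plus
      # a checksum supplied through values) before Vector consumes it.
      initContainers:
        - name: "download-geoip"
          image: "alpine"
          command:
            - sh
            - -c
            - |
              cd /usr/share/GeoIP
              wget -O geoip-db.mmdb {{ .Values.traefik.logs.geoip.url | quote}}
              # gunzip geoip-db.mmdb.gz
          volumeMounts:
            - mountPath: "/usr/share/GeoIP"
              name: geoip
      {{- end }}
      additionalContainers:
        - name: "vector"
          image: docker.io/timberio/vector:0.45.0-debian
          args:
            - --watch-config
            - --watch-config-method
            - poll
          livenessProbe:
            httpGet:
              path: /health
              port: vector-api
          volumeMounts:
            - mountPath: "/etc/vector/vector.yaml"
              subPath: "vector.yaml"
              name: vector-config
              readOnly: true
            {{- if .Values.traefik.logs.geoip.enabled }}
            - mountPath: "/usr/share/GeoIP"
              name: geoip
            {{- end }}
          # NOTE(review): with hostNetwork enabled these ports are opened in
          # the node's network namespace; confirm the Vector API (8686) is not
          # reachable from outside the node.
          ports:
            - name: vector-api
              containerPort: 8686
              protocol: TCP
            - name: vector-metrics
              containerPort: 9116
              protocol: TCP
      additionalVolumes:
        - name: vector-config
          configMap:
            name: traefik-vector
        {{- if .Values.traefik.logs.geoip.enabled }}
        # Scratch volume shared by the download init container and Vector.
        # "emptyDir" is the Kubernetes volume source field; "empty" is not one.
        - name: geoip
          emptyDir: {}
        {{- end }}
      {{- end }}
    hostNetwork: {{ .Values.hostNetwork }}
    updateStrategy:
      rollingUpdate:
        maxUnavailable: 1
        maxSurge: 0

    service:
      enabled: false
      ipFamilyPolicy: PreferDualStack
      ipFamilies:
        - IPv6
        - IPv4

    additionalArguments:
      {{- with .Values.traefik.additionalArguments }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- if .Values.traefik.logs.metrics }}
      # Access logs leave Traefik over plaintext gRPC on loopback.
      # NOTE(review): with hostNetwork enabled, localhost is the node's
      # loopback, so any process on the node can reach (or bind) port 4317;
      # confirm that is acceptable for access-log data.
      - --experimental.otlpLogs=true
      - --accesslog=true
      - --accesslog.otlp=true
      - --accesslog.otlp.grpc=true
      - --accesslog.otlp.grpc.endpoint=localhost:4317
      - --accesslog.otlp.grpc.insecure=true
      {{- end }}

    # Let the DaemonSet schedule onto control-plane nodes as well.
    tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      - key: "node-role.kubernetes.io/control-plane"
        operator: "Exists"
        effect: "NoSchedule"
      - key: "node-role.kubernetes.io/master"
        operator: "Exists"
        effect: "NoSchedule"

    priorityClassName: "system-cluster-critical"


    ports:
      metrics:
        port: 9111
      web:
        hostPort: 80
        {{- if .Values.hostNetwork }}
        port: 80
        {{- end }}
        asDefault: true
      websecure:
        hostPort: 443
        {{- if .Values.hostNetwork }}
        port: 443
        {{- end }}
        asDefault: true
        http3:
          enabled: true
      {{- with .Values.traefik.ports }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
    gateway:
      listeners:
        web:
          port: 80
    {{- if .Values.hostNetwork }}
    # NOTE(review): the null override removes whatever pod-level security
    # context the chart ships by default (presumably so Traefik can bind 80/443
    # directly on the node). Confirm which UID the container ends up running as
    # and that the remaining container-level hardening is still applied.
    podSecurityContext: null
    securityContext:
      capabilities:
        add:
          - "NET_BIND_SERVICE"
    {{- end }}

    providers:
      kubernetesIngress:
        publishedService:
          enabled: true
      kubernetesGateway:
        enabled: true

    # NOTE(review): the dashboard/API route is bound to the "websecure" entry
    # point (host port 443) as well as "traefik", and no middleware is attached
    # in this file. Confirm authentication or an IP allow-list is enforced
    # elsewhere before this host name is reachable from untrusted networks.
    ingressRoute:
      dashboard:
        enabled: {{ toYaml (not .Values.external) }}
        matchRule: Host(`lb.{{ .Values.commons.ingress.domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
        entryPoints:
          - "traefik"
          - "websecure"

    {{- if .Values.external }}
    hub:
      enabled: false
    ingressClass:
      enabled: false
      isDefaultClass: true
    rbac:
      enabled: false
    {{- else }}
    logs:
      general:
        format: "json"
        level: WARN
      access:
        # File/stdout access log is only used when the OTLP path above is off.
        # NOTE(review): this reads logs.access while the other log toggles
        # live under traefik.logs; confirm the path is intended.
        enabled: {{ toYaml (and .Values.logs.access (not .Values.traefik.logs.metrics)) }}
        format: "json"
    {{- end }}

    metrics:
      prometheus:
        {{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
        service:
          enabled: true
        serviceMonitor:
          enabled: true
          additionalLabels:
            {{- toYaml $.Values.commons.prometheus.monitor.labels | nindent 12 }}
        {{- end }}
    {{- if .Values.commons.tracing.enabled }}
    tracing:
      otlp:
        enabled: true
        {{- if .Values.commons.tracing.grpc.enabled }}
        grpc:
          enabled: true
          # Plaintext gRPC when true; keep that for collectors reached over a
          # trusted in-cluster or loopback path only.
          insecure: {{ .Values.commons.tracing.grpc.insecure }}
          # Quoted so an endpoint containing YAML specials stays one string.
          endpoint: {{ .Values.commons.tracing.grpc.endpoint | quote }}
        {{- else }}
        http:
          enabled: true
          endpoint: {{ .Values.commons.tracing.http.endpoint | quote }}
        {{- end }}
    {{- end }}
{{- end }}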