341 lines
14 KiB
Smarty
341 lines
14 KiB
Smarty
|
{{- define "traefik.podTemplate" }}
|
||
|
metadata:
|
||
|
annotations:
|
||
|
{{- with .Values.deployment.podAnnotations }}
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.metrics }}
|
||
|
{{- if .Values.metrics.prometheus }}
|
||
|
prometheus.io/scrape: "true"
|
||
|
prometheus.io/path: "/metrics"
|
||
|
prometheus.io/port: {{ quote (index .Values.ports .Values.metrics.prometheus.entryPoint).port }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
labels:
|
||
|
app.kubernetes.io/name: {{ template "traefik.name" . }}
|
||
|
helm.sh/chart: {{ template "traefik.chart" . }}
|
||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||
|
{{- with .Values.deployment.podLabels }}
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
spec:
|
||
|
{{- with .Values.deployment.imagePullSecrets }}
|
||
|
imagePullSecrets:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
serviceAccountName: {{ include "traefik.serviceAccountName" . }}
|
||
|
terminationGracePeriodSeconds: {{ default 60 .Values.deployment.terminationGracePeriodSeconds }}
|
||
|
hostNetwork: {{ .Values.hostNetwork }}
|
||
|
{{- with .Values.deployment.dnsPolicy }}
|
||
|
dnsPolicy: {{ . }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.deployment.initContainers }}
|
||
|
initContainers:
|
||
|
{{- toYaml . | nindent 6 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.deployment.shareProcessNamespace }}
|
||
|
shareProcessNamespace: true
|
||
|
{{- end }}
|
||
|
containers:
|
||
|
- image: "{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}"
|
||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||
|
name: {{ template "traefik.fullname" . }}
|
||
|
resources:
|
||
|
{{- with .Values.resources }}
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
readinessProbe:
|
||
|
httpGet:
|
||
|
path: /ping
|
||
|
port: {{ default .Values.ports.traefik.port .Values.ports.traefik.healthchecksPort }}
|
||
|
{{- toYaml .Values.readinessProbe | nindent 10 }}
|
||
|
livenessProbe:
|
||
|
httpGet:
|
||
|
path: /ping
|
||
|
port: {{ default .Values.ports.traefik.port .Values.ports.traefik.healthchecksPort }}
|
||
|
{{- toYaml .Values.livenessProbe | nindent 10 }}
|
||
|
ports:
|
||
|
{{- range $name, $config := .Values.ports }}
|
||
|
{{- if $config }}
|
||
|
- name: {{ $name | quote }}
|
||
|
containerPort: {{ $config.port }}
|
||
|
{{- if $config.hostPort }}
|
||
|
hostPort: {{ $config.hostPort }}
|
||
|
{{- end }}
|
||
|
{{- if $config.hostIP }}
|
||
|
hostIP: {{ $config.hostIP }}
|
||
|
{{- end }}
|
||
|
protocol: {{ default "TCP" $config.protocol | quote }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.securityContext }}
|
||
|
securityContext:
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
volumeMounts:
|
||
|
- name: {{ .Values.persistence.name }}
|
||
|
mountPath: {{ .Values.persistence.path }}
|
||
|
{{- if .Values.persistence.subPath }}
|
||
|
subPath: {{ .Values.persistence.subPath }}
|
||
|
{{- end }}
|
||
|
- name: tmp
|
||
|
mountPath: /tmp
|
||
|
{{- $root := . }}
|
||
|
{{- range .Values.volumes }}
|
||
|
- name: {{ tpl (.name) $root }}
|
||
|
mountPath: {{ .mountPath }}
|
||
|
readOnly: true
|
||
|
{{- end }}
|
||
|
{{- if .Values.experimental.plugins.enabled }}
|
||
|
- name: plugins
|
||
|
mountPath: "/plugins-storage"
|
||
|
{{- end }}
|
||
|
{{- if .Values.additionalVolumeMounts }}
|
||
|
{{- toYaml .Values.additionalVolumeMounts | nindent 10 }}
|
||
|
{{- end }}
|
||
|
args:
|
||
|
{{- with .Values.globalArguments }}
|
||
|
{{- range . }}
|
||
|
- {{ . | quote }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- range $name, $config := .Values.ports }}
|
||
|
{{- if $config }}
|
||
|
- "--entrypoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
- "--api.dashboard=true"
|
||
|
- "--ping=true"
|
||
|
{{- if .Values.metrics }}
|
||
|
{{- if .Values.metrics.datadog }}
|
||
|
- "--metrics.datadog=true"
|
||
|
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.metrics.influxdb }}
|
||
|
- "--metrics.influxdb=true"
|
||
|
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
|
||
|
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.metrics.prometheus }}
|
||
|
- "--metrics.prometheus=true"
|
||
|
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
|
||
|
{{- if .Values.metrics.prometheus.addRoutersLabels }}
|
||
|
- "--metrics.prometheus.addRoutersLabels=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.metrics.statsd }}
|
||
|
- "--metrics.statsd=true"
|
||
|
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.tracing }}
|
||
|
{{- if .Values.tracing.instana }}
|
||
|
- "--tracing.instana=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.tracing.datadog }}
|
||
|
- "--tracing.datadog=true"
|
||
|
{{- if .Values.tracing.datadog.localAgentHostPort }}
|
||
|
- "--tracing.datadog.localAgentHostPort={{ .Values.tracing.datadog.localAgentHostPort }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.tracing.datadog.debug }}
|
||
|
- "--tracing.datadog.debug=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.tracing.datadog.globalTag }}
|
||
|
- "--tracing.datadog.globalTag={{ .Values.tracing.datadog.globalTag }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.tracing.datadog.prioritySampling }}
|
||
|
- "--tracing.datadog.prioritySampling=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||
|
- "--providers.kubernetescrd"
|
||
|
{{- if .Values.providers.kubernetesCRD.labelSelector }}
|
||
|
- "--providers.kubernetescrd.labelSelector={{ .Values.providers.kubernetesCRD.labelSelector }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.ingressClass }}
|
||
|
- "--providers.kubernetescrd.ingressClass={{ .Values.providers.kubernetesCRD.ingressClass }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.allowCrossNamespace }}
|
||
|
- "--providers.kubernetescrd.allowCrossNamespace=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesCRD.allowExternalNameServices }}
|
||
|
- "--providers.kubernetescrd.allowExternalNameServices=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||
|
- "--providers.kubernetesingress"
|
||
|
{{- if .Values.providers.kubernetesIngress.allowExternalNameServices }}
|
||
|
- "--providers.kubernetesingress.allowExternalNameServices=true"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.allowEmptyServices }}
|
||
|
- "--providers.kubernetesingress.allowEmptyServices=true"
|
||
|
{{- end }}
|
||
|
{{- if and .Values.service.enabled .Values.providers.kubernetesIngress.publishedService.enabled }}
|
||
|
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.labelSelector }}
|
||
|
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.ingressClass }}
|
||
|
- "--providers.kubernetesingress.ingressClass={{ .Values.providers.kubernetesIngress.ingressClass }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.experimental.kubernetesGateway.enabled }}
|
||
|
- "--providers.kubernetesgateway"
|
||
|
- "--experimental.kubernetesgateway"
|
||
|
{{- end }}
|
||
|
{{- if .Values.experimental.http3.enabled }}
|
||
|
- "--experimental.http3=true"
|
||
|
{{- end }}
|
||
|
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
|
||
|
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||
|
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
|
||
|
{{- end }}
|
||
|
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||
|
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- range $entrypoint, $config := $.Values.ports }}
|
||
|
{{- if $config.redirectTo }}
|
||
|
{{- $toPort := index $.Values.ports $config.redirectTo }}
|
||
|
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}"
|
||
|
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||
|
{{- end }}
|
||
|
{{- if $config.tls }}
|
||
|
{{- if $config.tls.enabled }}
|
||
|
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
|
||
|
{{- if $config.tls.options }}
|
||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.tls.certResolver }}
|
||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
|
||
|
{{- end }}
|
||
|
{{- if $config.tls.domains }}
|
||
|
{{- range $index, $domain := $config.tls.domains }}
|
||
|
{{- if $domain.main }}
|
||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
|
||
|
{{- end }}
|
||
|
{{- if $domain.sans }}
|
||
|
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if $config.http3 }}
|
||
|
{{- if semverCompare ">=2.6.0" (default $.Chart.AppVersion $.Values.image.tag)}}
|
||
|
- "--entrypoints.{{ $entrypoint }}.http3.advertisedPort={{ default $config.port $config.exposedPort }}"
|
||
|
{{- else }}
|
||
|
- "--entrypoints.{{ $entrypoint }}.enableHTTP3=true"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.logs }}
|
||
|
{{- if .general.format }}
|
||
|
- "--log.format={{ .general.format }}"
|
||
|
{{- end }}
|
||
|
{{- if ne .general.level "ERROR" }}
|
||
|
- "--log.level={{ .general.level | upper }}"
|
||
|
{{- end }}
|
||
|
{{- if .access.enabled }}
|
||
|
- "--accesslog=true"
|
||
|
{{- if .access.format }}
|
||
|
- "--accesslog.format={{ .access.format }}"
|
||
|
{{- end }}
|
||
|
{{- if .access.bufferingsize }}
|
||
|
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
|
||
|
{{- end }}
|
||
|
{{- if .access.filters }}
|
||
|
{{- if .access.filters.statuscodes }}
|
||
|
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
|
||
|
{{- end }}
|
||
|
{{- if .access.filters.retryattempts }}
|
||
|
- "--accesslog.filters.retryattempts"
|
||
|
{{- end }}
|
||
|
{{- if .access.filters.minduration }}
|
||
|
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
|
||
|
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
|
||
|
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
|
||
|
{{- end }}
|
||
|
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
|
||
|
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
|
||
|
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.pilot.enabled }}
|
||
|
- "--pilot.token={{ .Values.pilot.token }}"
|
||
|
{{- end }}
|
||
|
{{- if hasKey .Values.pilot "dashboard" }}
|
||
|
- "--pilot.dashboard={{ .Values.pilot.dashboard }}"
|
||
|
{{- end }}
|
||
|
{{- with .Values.additionalArguments }}
|
||
|
{{- range . }}
|
||
|
- {{ . | quote }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.env }}
|
||
|
env:
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.envFrom }}
|
||
|
envFrom:
|
||
|
{{- toYaml . | nindent 10 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.deployment.additionalContainers }}
|
||
|
{{- toYaml .Values.deployment.additionalContainers | nindent 6 }}
|
||
|
{{- end }}
|
||
|
volumes:
|
||
|
- name: {{ .Values.persistence.name }}
|
||
|
{{- if .Values.persistence.enabled }}
|
||
|
persistentVolumeClaim:
|
||
|
claimName: {{ default (include "traefik.fullname" .) .Values.persistence.existingClaim }}
|
||
|
{{- else }}
|
||
|
emptyDir: {}
|
||
|
{{- end }}
|
||
|
- name: tmp
|
||
|
emptyDir: {}
|
||
|
{{- $root := . }}
|
||
|
{{- range .Values.volumes }}
|
||
|
- name: {{ tpl (.name) $root }}
|
||
|
{{- if eq .type "secret" }}
|
||
|
secret:
|
||
|
secretName: {{ tpl (.name) $root }}
|
||
|
{{- else if eq .type "configMap" }}
|
||
|
configMap:
|
||
|
name: {{ tpl (.name) $root }}
|
||
|
{{- end }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.deployment.additionalVolumes }}
|
||
|
{{- toYaml .Values.deployment.additionalVolumes | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.experimental.plugins.enabled }}
|
||
|
- name: plugins
|
||
|
emptyDir: {}
|
||
|
{{- end }}
|
||
|
{{- with .Values.affinity }}
|
||
|
affinity:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.tolerations }}
|
||
|
tolerations:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.nodeSelector }}
|
||
|
nodeSelector:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{- if .Values.priorityClassName }}
|
||
|
priorityClassName: {{ .Values.priorityClassName }}
|
||
|
{{- end }}
|
||
|
{{- with .Values.podSecurityContext }}
|
||
|
securityContext:
|
||
|
{{- toYaml . | nindent 8 }}
|
||
|
{{- end }}
|
||
|
{{ end -}}
|