Commit f00bed35 by Manuel Zapf Committed by Denise Schannon

Add Traefik v1.7 (#218)

Add Traefik v1.7 chart
parent 04cf311b
apiVersion: v1
appVersion: 1.7.14
description: A Traefik based Kubernetes ingress controller with Let's Encrypt support
engine: gotpl
home: https://traefik.io/
icon: https://docs.traefik.io/img/traefik.logo.png
keywords:
- traefik
- ingress
- acme
- letsencrypt
maintainers:
- email: manuel@containo.us
name: SantoDE
name: traefik
sources:
- https://github.com/containous/traefik
- https://github.com/helm/charts/tree/master/stable/traefik
version: 1.0.0
[Traefik](https://traefik.io/) is a modern HTTP reverse proxy and load balancer made to deploy
microservices with ease.
This chart bootstraps Traefik as a Kubernetes ingress controller with optional support for SSL and
Let's Encrypt.
\ No newline at end of file
categories:
- Proxy
- Loadbalancer
labels:
- io.cattle.role: project
questions:
- variable: defaultImage
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
group: "General Settings"
show_subquestion_if: false
subquestions:
- variable: imageTag
default: "1.7.14"
description: "Traefik Image Tag"
type: string
label: Traefik Image Tag
- variable: serviceType
type: enum
options:
- "LoadBalancer"
- "NodePort"
- "ClusterIP"
default: "Loadbalancer"
description: "Service Type for Traefik"
label: Service Type
group: "General Settings"
- variable: debug.enabled
type: boolean
default: false
description: "Enable Debug Mode"
label: Debug
group: "General Settings"
- variable: rbac.enabled
default: true
description: "Enable RBAC Settings"
label: RBAC
type: boolean
group: "General Settings"
- variable: ssl.enabled
type: boolean
default: false
description: "Enable SSL"
label: SSL
show_subquestion_if: true
group: "SSL"
subquestions:
- variable: ssl.enforced
type: boolean
default: false
description: "Force HTTP to HTTPS"
label: Http to HTTPS
- variable: ssl.permanentRedirect
type: boolean
default: false
description: "Permanentely Redirect HTTP to HTTPS"
label: Permanent Redirects
- variable: acme.enabled
type: boolean
default: false
description: "Enable Lets Encrypt"
label: Lets Encrypt
show_subquestion_if: true
group: "Lets Encrypt (ACME Protocol)"
show_if: "ssl.enabled=true"
subquestions:
- variable: ssl.email
type: string
default: "admin@example.com"
description: "E-Mail Adress to use"
label: E-Mail
- variable: ssl.onHostRule
type: boolean
default: true
description: "Generate Lets Encrypt Certificates on the Fly"
label: On Host
- variable: ssl.staging
type: boolean
default: true
description: "Generate Test Lets Encrypt Certificates to not use the Rate Limit"
label: Test Certificates (Staging)
- variable: ssl.logging
type: boolean
default: true
description: "Activate Lets Encrypt Logging"
label: Logging
- variable: ssl.challengeType
type: enum
options:
- "tls-alpn-01"
- "http-01"
- "dns-01"
default: "tls-alpn-01"
description: "Challengetype to use for Lets Encrypt Certificates"
label: Challengetype
- variable: persistence.enabled
type: boolean
default: true
description: "Enable Persistence for Lets Encrypt Certificates"
label: Persistence
- variable: dashboard.enabled
default: false
description: "Enable Dashboard"
label: Enable
type: boolean
group: "Dashboard"
show_subquestion_if: true
subquestions:
- variable: dashboard.domain
type: string
default: "traefik.example.com"
description: "E-Mail Adress to use"
label: Domain
- variable: dashboard.auth.basic
type: string
default: ""
description: "Basic-Aut Protection for Dashboard"
label: Basic Auth
\ No newline at end of file
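Review bot: The `serviceType` question's `default: "Loadbalancer"` matches none of its own options (`"LoadBalancer"`), and the templates in this commit test `eq .Values.serviceType "LoadBalancer"` and pass the value straight into the Service `type`, so an accepted default would skip the LoadBalancer branches; it should read `default: "LoadBalancer"`. The Let's Encrypt subquestions write `ssl.email`, `ssl.staging`, `ssl.challengeType` and `persistence.enabled`, while the templates shown read `.Values.acme.challengeType` and `.Values.acme.persistence.enabled`, so these answers (notably the staging toggle) appear to have no effect and presumably belong under `acme.`. `dashboard.auth.basic` defaults to an empty string, which presumably leaves the dashboard without authentication once `dashboard.enabled` is switched on (the template that consumes it is not on this page); the description should say so. The `dashboard.domain` description repeats "E-Mail Adress to use".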
{{- if eq .Values.serviceType "LoadBalancer" }}
1. Get Traefik's load balancer IP/hostname:
NOTE: It may take a few minutes for this to become available.
You can watch the status by running:
$ kubectl get svc {{ template "traefik.fullname" . }} --namespace {{ .Release.Namespace }} -w
Once 'EXTERNAL-IP' is no longer '<pending>':
$ kubectl describe svc {{ template "traefik.fullname" . }} --namespace {{ .Release.Namespace }} | grep Ingress | awk '{print $3}'
2. Configure DNS records corresponding to Kubernetes ingress resources to point to the load balancer IP/hostname found in step 1
{{- end }}
{{- if eq .Values.serviceType "NodePort" }}
{{- if (and (not (empty .Values.service.nodePorts.https)) (not (empty .Values.service.nodePorts.http)))}}
1. Traefik is listening on the following ports on the host machine:
http - {{ .Values.service.nodePorts.http }}
https - {{ .Values.service.nodePorts.https }}
{{- else }}
1. Traefik has been started. You can find out the port numbers being used by traefik by running:
$ kubectl describe svc {{ template "traefik.fullname" . }} --namespace {{ .Release.Namespace }}
{{- end }}
2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "traefik.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "traefik.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "traefik.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the block for the ProxyProtocol's Trusted IPs.
*/}}
{{- define "traefik.trustedips" -}}
trustedIPs = [
{{- range $idx, $ips := .Values.proxyProtocol.trustedIPs }}
{{- if $idx }}, {{ end }}
{{- $ips | quote }}
{{- end -}}
]
{{- end -}}
{{/*
Create the block for the forwardedHeaders's Trusted IPs.
*/}}
{{- define "traefik.forwardedHeadersTrustedIPs" -}}
trustedIPs = [
{{- range $idx, $ips := .Values.forwardedHeaders.trustedIPs }}
{{- if $idx }}, {{ end }}
{{- $ips | quote }}
{{- end -}}
]
{{- end -}}
{{/*
Create the block for whiteListSourceRange.
*/}}
{{- define "traefik.whiteListSourceRange" -}}
whiteListSourceRange = [
{{- range $idx, $ips := .Values.whiteListSourceRange }}
{{- if $idx }}, {{ end }}
{{- $ips | quote }}
{{- end -}}
]
{{- end -}}
{{/*
Create the block for acme.domains.
*/}}
{{- define "traefik.acme.domains" -}}
{{- range $idx, $value := .Values.acme.domains.domainsList }}
{{- if $value.main }}
[[acme.domains]]
main = {{- range $mainIdx, $mainValue := $value }} {{ $mainValue | quote }}{{- end -}}
{{- end -}}
{{- if $value.sans }}
sans = [
{{- range $sansIdx, $domains := $value.sans }}
{{- if $sansIdx }}, {{ end }}
{{- $domains | quote }}
{{- end -}}
]
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the block for acme.resolvers.
*/}}
{{- define "traefik.acme.dnsResolvers" -}}
resolvers = [
{{- range $idx, $ips := .Values.acme.resolvers }}
{{- if $idx }},{{ end }}
{{- $ips | quote }}
{{- end -}}
]
{{- end -}}
{{/*
Create custom cipherSuites block
*/}}
{{- define "traefik.ssl.cipherSuites" -}}
cipherSuites = [
{{- range $idx, $cipher := .Values.ssl.cipherSuites }}
{{- if $idx }},{{ end }}
{{ $cipher | quote }}
{{- end }}
]
{{- end -}}
Create the block for RootCAs.
*/}}
{{- define "traefik.rootCAs" -}}
rootCAs = [
{{- range $idx, $ca := .Values.rootCAs }}
{{- if $idx }}, {{ end }}
{{- $ca | quote }}
{{- end -}}
]
{{- end -}}
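Review bot: In `traefik.acme.domains`, the `main =` line is filled by `range $mainIdx, $mainValue := $value`, which walks every key of the list entry instead of reading `$value.main`; an entry carrying both `main` and `sans` would also emit the quoted `sans` list on the `main` line. `main = {{ $value.main | quote }}` states the intent directly. Separately, the comment before `traefik.rootCAs` has lost its opening `{{/*` as shown here, leaving `Create the block for RootCAs.` and `*/}}` as literal template text.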
{{- if and .Values.acme.enabled .Values.acme.persistence.enabled (not .Values.acme.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
{{- if .Values.acme.persistence.annotations }}
annotations:
{{ toYaml .Values.acme.persistence.annotations | indent 4 }}
{{- end }}
name: {{ template "traefik.fullname" . }}-acme
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
accessModes:
- {{ .Values.acme.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.acme.persistence.size | quote }}
{{- if .Values.acme.persistence.storageClass }}
{{- if (eq "-" .Values.acme.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.acme.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.configFiles }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "traefik.fullname" . }}-configs
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
data:
{{- range $filename, $fileContents := .Values.configFiles }}
{{ $filename }}: |-
{{ $fileContents | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.dashboard.enabled }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "traefik.fullname" . }}-dashboard
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.dashboard.ingress }}
{{- range $key, $value := .Values.dashboard.ingress.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
annotations:
{{- if .Values.dashboard.ingress }}
{{- range $key, $value := .Values.dashboard.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
rules:
- host: {{ .Values.dashboard.domain }}
http:
paths:
- backend:
serviceName: {{ template "traefik.fullname" . }}-dashboard
servicePort: dashboard-http
{{- if .Values.dashboard.ingress.tls }}
tls:
{{ toYaml .Values.dashboard.ingress.tls | indent 4 }}
{{- end -}}
{{- end }}
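Review bot: `{{- if .Values.dashboard.ingress.tls }}` dereferences `dashboard.ingress` without the `{{- if .Values.dashboard.ingress }}` guard used for the labels and annotations above it, so rendering would fail with a nil-pointer error when the dashboard is enabled and `dashboard.ingress` is unset (values.yaml is not shown here). The `tls` check should be nested inside `{{- if .Values.dashboard.ingress }}`, because a single `and` still evaluates both arguments on template engines without short-circuiting. Since the `tls` block is optional, the dashboard host can be published over plain HTTP, where basic-auth credentials would travel in clear; a comment on that default would help. `host: {{ .Values.dashboard.domain }}` would also be safer as `{{ .Values.dashboard.domain | quote }}`.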
{{- if .Values.dashboard.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "traefik.fullname" . }}-dashboard
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
annotations:
{{- if .Values.dashboard.service }}
{{- range $key, $value := .Values.dashboard.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.dashboard.serviceType | default ("ClusterIP") }}
selector:
app: {{ template "traefik.name" . }}
release: {{ .Release.Name }}
ports:
- name: dashboard-http
port: 80
targetPort: 8080
{{- end }}
{{- if .Values.ssl.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "traefik.fullname" . }}-default-cert
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{- if .Values.ssl.generateTLS }}
{{- $ca := genCA "default-ca" 365 }}
{{- $cn := default "example.com" .Values.ssl.defaultCN }}
{{- $server := genSignedCert $cn ( default nil .Values.ssl.defaultIPList ) ( default nil .Values.ssl.defaultSANList ) 365 $ca }}
tls.crt: {{ $server.Cert | b64enc }}
tls.key: {{ $server.Key | b64enc }}
{{- else }}
tls.crt: {{ .Values.ssl.defaultCert }}
tls.key: {{ .Values.ssl.defaultKey }}
{{- end }}
{{- end }}
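Review bot: The `else` branch writes `.Values.ssl.defaultCert` and `.Values.ssl.defaultKey` into `data:` unquoted and without `b64enc`, so the values must already be base64 and an unset value renders as `null`. `tls.key: {{ required "ssl.defaultKey is required when ssl.generateTLS is false" .Values.ssl.defaultKey | quote }}` would fail at render time instead. values.yaml is not on this page: if it ships a default key pair, every install that enables SSL without overriding it would share a private key that is public in the chart repository, which deserves at least a comment here. In the `generateTLS` branch, `genCA` and `genSignedCert` run on every render, so each upgrade issues a fresh CA and certificate with a fixed 365-day lifetime and no renewal path other than another upgrade.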
{{- if semverCompare "^1.9-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: apps/v1
{{- else }}
apiVersion: apps/v1beta1
{{- end }}
kind: Deployment
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
replicas: {{ default 1 .Values.replicas }}
selector:
matchLabels:
app: {{ template "traefik.name" . }}
release: {{ .Release.Name }}
{{- if .Values.deploymentStrategy }}
strategy:
{{ toYaml .Values.deploymentStrategy | indent 4 }}
{{- end }}
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }}
scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}'
{{- end }}
{{- range $key, $value := .Values.deployment.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.deployment.podLabels }}
{{ toYaml .Values.deployment.podLabels | indent 8 }}
{{- end }}
spec:
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- end }}
{{- if .Values.rbac.enabled }}
serviceAccountName: {{ template "traefik.fullname" . }}
{{- else }}
serviceAccountName: default
{{- end }}
terminationGracePeriodSeconds: 60
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- image: {{ .Values.image }}:{{ .Values.imageTag }}
name: {{ template "traefik.fullname" . }}
resources:
{{- if or .Values.cpuRequest .Values.memoryRequest .Values.cpuLimit .Values.memoryLimit }}
requests:
cpu: {{ .Values.cpuRequest | quote }}
memory: {{ .Values.memoryRequest | quote }}
limits:
cpu: {{ .Values.cpuLimit | quote }}
memory: {{ .Values.memoryLimit | quote }}
{{- else }}
{{ toYaml .Values.resources | indent 10 }}
{{- end }}
readinessProbe:
httpGet:
path: /ping
port: 80
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
httpGet:
path: /ping
port: 80
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
{{- if or (and .Values.acme.enabled (eq .Values.acme.challengeType "dns-01") .Values.acme.dnsProvider.name) .Values.env }}
env:
{{- range $k, $v := (index .Values.acme.dnsProvider .Values.acme.dnsProvider.name) }}
{{- if or $v $.Values.acme.dnsProvider.existingSecretName }}
- name: {{ $k }}
valueFrom:
secretKeyRef:
{{- if $.Values.acme.dnsProvider.existingSecretName }}
name: {{ $.Values.acme.dnsProvider.existingSecretName }}
{{- else }}
name: {{ template "traefik.fullname" $ }}-dnsprovider-config
{{- end }}
key: {{ $k }}
{{- end }}
{{- end }}
{{- if .Values.env }}
{{ toYaml .Values.env | indent 10 }}
{{- end }}
{{- end }}
volumeMounts:
- mountPath: /config
name: config
{{- if and .Values.ssl.enabled (not .Values.ssl.upstream) }}
- mountPath: /ssl
name: ssl
{{- end }}
{{- if .Values.acme.enabled }}
- mountPath: /acme
name: acme
{{- end }}
{{- if .Values.configFiles }}
- mountPath: /configs
name: {{ template "traefik.fullname" $ }}-configs
{{ end }}
{{- if .Values.secretFiles }}
- mountPath: /secrets
name: {{ template "traefik.fullname" $ }}-secrets
{{- end }}
ports:
- name: http
containerPort: 80
{{- if .Values.deployment.hostPort.httpEnabled }}
hostPort: {{ default 80 .Values.deployment.hostPort.httpPort }}
{{- end }}
protocol: TCP
- name: httpn
containerPort: 8880
protocol: TCP
- name: https
containerPort: 443
{{- if .Values.deployment.hostPort.httpsEnabled }}
hostPort: {{ default 443 .Values.deployment.hostPort.httpsPort }}
{{- end }}
protocol: TCP
{{- if .Values.dashboard.enabled }}
- name: dash
containerPort: 8080
{{- if .Values.deployment.hostPort.dashboardEnabled }}
hostPort: {{ default 8080 .Values.deployment.hostPort.dashboardPort }}
{{- end }}
protocol: TCP
{{- end }}
args:
- --configfile=/config/traefik.toml
{{- range .Values.startupArguments }}
- {{ . }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ template "traefik.fullname" . }}
{{- if and .Values.ssl.enabled (not .Values.ssl.upstream) }}
- name: ssl
secret:
secretName: {{ template "traefik.fullname" . }}-default-cert
{{- end }}
{{- if .Values.acme.enabled }}
- name: acme
{{- if .Values.acme.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.acme.persistence.existingClaim | default (printf "%s-acme" (include "traefik.fullname" .)) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.configFiles }}
- name: {{ template "traefik.fullname" $ }}-configs
configMap:
name: {{ template "traefik.fullname" $ }}-configs
{{ end }}
{{- if .Values.secretFiles }}
- name: {{ template "traefik.fullname" $ }}-secrets
secret:
secretName: {{ template "traefik.fullname" $ }}-secrets
{{- end }}
{{- if and (.Values.tolerations) (semverCompare "^1.6-0" .Capabilities.KubeVersion.GitVersion) }}
tolerations:
{{ toYaml .Values.tolerations | indent 6 }}
{{- end }}
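Review bot: The Traefik container sets no container-level `securityContext`; only an optional pod-level block is rendered from `.Values.securityContext`, so by default this externally reachable proxy runs with whatever the image and cluster defaults allow. Consider a values-driven container `securityContext` whose documented default sets `allowPrivilegeEscalation: false` and drops capabilities other than `NET_BIND_SERVICE` for ports 80/443 (to be confirmed against the image's user). The `checksum/config` annotation hashes only `/configmap.yaml`, so changes to the `-default-cert`, `-secrets` or `-configs` objects will not roll the pods. `image: {{ .Values.image }}:{{ .Values.imageTag }}` is unquoted here but quoted in the storeconfig Job.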
{{- if and .Values.acme.enabled (eq .Values.acme.challengeType "dns-01") .Values.acme.dnsProvider.name (not .Values.acme.dnsProvider.existingSecretName) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "traefik.fullname" . }}-dnsprovider-config
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
type: Opaque
data:
{{- range $k, $v := (index .Values.acme.dnsProvider .Values.acme.dnsProvider.name) }}
{{- if $v }}
{{ $k }}: {{ $v | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.autoscaling }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "traefik.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{ toYaml .Values.autoscaling.metrics | indent 4 }}
{{- end }}
{{- if .Values.podDisruptionBudget -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
spec:
selector:
matchLabels:
app: {{ template "traefik.name" . }}
release: {{ .Release.Name }}
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
{{- end -}}
{{- if .Values.rbac.enabled }}
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{ template "traefik.fullname" . }}
---
kind: ClusterRole
{{- if semverCompare "^1.8-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: rbac.authorization.k8s.io/v1
{{- else }}
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- end }}
metadata:
name: {{ template "traefik.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
---
kind: ClusterRoleBinding
{{- if semverCompare "^1.8-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: rbac.authorization.k8s.io/v1
{{- else }}
apiVersion: rbac.authorization.k8s.io/v1beta1
{{- end }}
metadata:
name: {{ template "traefik.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "traefik.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "traefik.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
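Review bot: The ClusterRole grants `get`, `list` and `watch` on `secrets` in every namespace and is bound cluster-wide, so the controller's service-account token can read every Secret in the cluster. Traefik presumably needs Secrets only for Ingress TLS certificates; where it is configured to watch specific namespaces, a namespaced `Role`/`RoleBinding` per watched namespace would limit what a compromised pod can reach. At minimum add a comment above the rule, e.g. `# secrets: read Ingress TLS certificates; cluster-wide, scope down if namespaces are restricted`. The ServiceAccount, ClusterRole and ClusterRoleBinding also carry none of the `app`/`chart`/`release` labels the other objects have.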
{{- if .Values.secretFiles }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "traefik.fullname" . }}-secrets
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{- range $filename, $fileContents := .Values.secretFiles }}
{{ $filename }}: {{ $fileContents | b64enc | quote }}
{{- end }}
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- if .Values.service }}
{{- range $key, $value := .Values.service.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
annotations:
{{- if .Values.service }}
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.serviceType }}
{{- if .Values.loadBalancerIP }}
loadBalancerIP: {{ .Values.loadBalancerIP }}
{{- end }}
{{- if .Values.externalIP }}
externalIPs:
- {{ .Values.externalIP }}
{{- end }}
{{- if .Values.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
{{- if .Values.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.externalTrafficPolicy }}
{{- end }}
selector:
app: {{ template "traefik.name" . }}
release: {{ .Release.Name }}
ports:
- port: 80
name: http
{{- if (and (eq .Values.serviceType "NodePort") (not (empty .Values.service.nodePorts.http)))}}
nodePort: {{ .Values.service.nodePorts.http }}
{{- end }}
targetPort: http
- port: 443
name: https
{{- if (and (eq .Values.serviceType "NodePort") (not (empty .Values.service.nodePorts.https)))}}
nodePort: {{ .Values.service.nodePorts.https }}
{{- end }}
{{- if not .Values.ssl.enabled }}
targetPort: httpn
{{- end }}
{{- if (and (.Values.metrics.prometheus.enabled) (not (.Values.metrics.prometheus.restrictAccess)))}}
- port: 8080
name: metrics
targetPort: dash
{{- end }}
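Review bot: The `metrics` port publishes 8080 with `targetPort: dash` on the same Service as 80/443, so with a LoadBalancer or NodePort `serviceType` and `metrics.prometheus.enabled` set, the container port the dashboard Service also targets (8080) is reachable from wherever this Service is, unless `restrictAccess` is turned on. The `dash` container port is declared in the Deployment only when `dashboard.enabled` is true, so the named target will not resolve otherwise. A comment stating this exposure, or a separate ClusterIP Service for metrics, would be safer. Separately, `.Values.service.nodePorts.http` and `.https` are read without the `{{- if .Values.service }}` guard used above for labels and annotations.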
{{- if .Values.kvprovider.storeAcme }}
apiVersion: batch/v1
kind: Job
metadata:
name: "storeconfig-job-{{ .Release.Revision }}"
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation"
labels:
chart: {{ template "traefik.chart" . }}
app: {{ template "traefik.name" . }}
spec:
template:
metadata:
name: "storeconfig-job-{{ .Release.Revision }}"
labels:
app: {{ template "traefik.name" . }}
chart: {{ template "traefik.chart" . }}
spec:
restartPolicy: Never
containers:
- name: storeconfig-job
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
args:
- storeconfig
- --configfile=/config/traefik.toml
volumeMounts:
- mountPath: /config
name: config
- mountPath: /acme
name: acme
volumes:
- name: config
configMap:
name: {{ template "traefik.fullname" . }}
- name: acme
{{- if .Values.acme.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.acme.persistence.existingClaim | default (printf "%s-acme" (include "traefik.fullname" .)) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "traefik.fullname" . }}-test
labels:
app: {{ template "traefik.fullname" . }}
chart: {{ template "traefik.chart" . }}
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
data:
run.sh: |-
@test "Test Access" {
curl -D - http://{{ template "traefik.fullname" . }}/
}
apiVersion: v1
kind: Pod
metadata:
name: {{ template "traefik.fullname" . }}-test
labels:
app: {{ template "traefik.fullname" . }}
chart: {{ template "traefik.chart" . }}
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
annotations:
"helm.sh/hook": test-success
spec:
initContainers:
- name: test-framework
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
containers:
- name: {{ .Release.Name }}-test
image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}"
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: {{ template "traefik.fullname" . }}-test
- name: tools
emptyDir: {}
restartPolicy: Never