154 lines
3.5 KiB
YAML
154 lines
3.5 KiB
YAML
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
labels:
|
|
test:
|
|
node_selector_key: ucp-control-plane
|
|
node_selector_value: enabled
|
|
|
|
conf:
|
|
anchor:
|
|
files_to_copy:
|
|
- source: /tmp/etc/haproxy.yaml
|
|
dest: /etc/kubernetes/manifests/haproxy.yaml
|
|
period: 30
|
|
kubernetes_url: https://kubernetes.default:443
|
|
services:
|
|
kube-system:
|
|
kubernetes-apiserver:
|
|
server_opts: "check"
|
|
conf_parts:
|
|
frontend:
|
|
- mode tcp
|
|
- bind *:6553
|
|
backend:
|
|
- mode tcp
|
|
- option tcp-check
|
|
- option redispatch
|
|
kubernetes-etcd:
|
|
server_opts: "check"
|
|
conf_parts:
|
|
frontend:
|
|
- mode tcp
|
|
- bind *:2378
|
|
backend:
|
|
- mode tcp
|
|
- option tcp-check
|
|
- option redispatch
|
|
enable_cleanup: true
|
|
|
|
haproxy:
|
|
container_config_dir: /usr/local/etc/haproxy
|
|
host_config_dir: /etc/promenade/haproxy
|
|
period: 5
|
|
conf_parts:
|
|
global:
|
|
- maxconn 10240
|
|
defaults:
|
|
- timeout connect 5000ms
|
|
- timeout client 24h
|
|
- timeout server 24h
|
|
frontend: []
|
|
backend: []
|
|
|
|
images:
|
|
tags:
|
|
anchor: cwedgwood/kubectl:v1.20.5-1
|
|
haproxy: haproxy:1.8.25
|
|
test: python:3.6
|
|
pull_policy: "IfNotPresent"
|
|
|
|
manifests:
|
|
test_haproxy: true
|
|
|
|
endpoints:
|
|
health:
|
|
port: 6553
|
|
|
|
pod:
|
|
mandatory_access_control:
|
|
type: apparmor
|
|
haproxy-anchor:
|
|
haproxy-perms: runtime/default
|
|
anchor: runtime/default
|
|
kubernetes:
|
|
haproxy-haproxy-test: runtime/default
|
|
haproxy:
|
|
haproxy: runtime/default
|
|
security_context:
|
|
haproxy_anchor:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
anchor:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: true
|
|
haproxy:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
haproxy_perms:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: true
|
|
haproxy_test:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
haproxy_haproxy_test:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: true
|
|
server:
|
|
pod:
|
|
runAsUser: 65534
|
|
container:
|
|
haproxy:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: false
|
|
lifecycle:
|
|
upgrades:
|
|
daemonsets:
|
|
pod_replacement_strategy: RollingUpdate
|
|
haproxy_anchor:
|
|
enabled: false
|
|
min_ready_seconds: 0
|
|
max_unavailable: 1
|
|
termination_grace_period:
|
|
haproxy_anchor:
|
|
timeout: 3600
|
|
resources:
|
|
enabled: false
|
|
haproxy_anchor:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "256Mi"
|
|
cpu: "2000m"
|
|
haproxy_pod:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "256Mi"
|
|
cpu: "2000m"
|
|
test:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
|
|
release_group: null
|