'NOP' cleanup for more consistent white-space use in charts
Where we have the style '{{ ...' we should use the style '... }}'.
Change-Id: Ic3e779e4681370d396f95d3804ca27db5b9d3642
This commit is contained in:
Chris Wedgwood
parent
3819986398
commit
0c4e37391f
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.daemonset_calico_etcd }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "calico-etcd"}}
|
||||
{{- $serviceAccountName := "calico-etcd" }}
|
||||
{{ tuple $envAll "calico-etcd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
|
||||
---
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ limitations under the License.
|
|||
{{- $_ := set .Values.conf.node "CALICO_IPV4POOL_CIDR" .Values.networking.podSubnet -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $serviceAccountName := "calico-node"}}
|
||||
{{- $serviceAccountName := "calico-node" }}
|
||||
{{ tuple $envAll "calico_node" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
@ -146,7 +146,7 @@ spec:
|
|||
configMapKeyRef:
|
||||
name: calico-etc
|
||||
key: etcd_endpoints
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca }}
|
||||
- name: ETCD_CA_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
- name: ETCD_CA_CERT
|
||||
|
|
@ -155,7 +155,7 @@ spec:
|
|||
name: calico-etcd-secrets
|
||||
key: tls.ca
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key }}
|
||||
- name: ETCD_KEY_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
- name: ETCD_KEY
|
||||
|
|
@ -164,7 +164,7 @@ spec:
|
|||
name: calico-etcd-secrets
|
||||
key: tls.key
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt }}
|
||||
- name: ETCD_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
- name: ETCD_CERT
|
||||
|
|
@ -299,15 +299,15 @@ spec:
|
|||
key: etcd_endpoints
|
||||
|
||||
# etcd certs
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca }}
|
||||
- name: ETCD_CA_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key }}
|
||||
- name: ETCD_KEY_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt }}
|
||||
- name: ETCD_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
{{ end }}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.deployment_calico_kube_controllers }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "calico-kube-controllers"}}
|
||||
{{- $serviceAccountName := "calico-kube-controllers" }}
|
||||
{{ tuple $envAll "calico_kube_controllers" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
|
|
@ -126,15 +126,15 @@ spec:
|
|||
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.controllers | indent 12 }}
|
||||
|
||||
# etcd tls files
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca }}
|
||||
- name: ETCD_CA_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key }}
|
||||
- name: ETCD_KEY_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt }}
|
||||
- name: ETCD_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
{{ end }}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.job_calico_settings }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "calico-settings"}}
|
||||
{{- $serviceAccountName := "calico-settings" }}
|
||||
{{ tuple $envAll "calico_settings" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
|
|
@ -61,15 +61,15 @@ spec:
|
|||
configMapKeyRef:
|
||||
name: calico-etc
|
||||
key: etcd_endpoints
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.ca }}
|
||||
- name: ETCD_CA_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.ca }}
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.key }}
|
||||
- name: ETCD_KEY_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.key }}
|
||||
{{ end }}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt}}
|
||||
{{ if .Values.endpoints.etcd.auth.client.tls.crt }}
|
||||
- name: ETCD_CERT_FILE
|
||||
value: {{ .Values.endpoints.etcd.auth.client.path.crt }}
|
||||
{{ end }}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.deployment_mds ( and .Values.deployment.ceph .Values.conf.features.mds) }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mds"}}
|
||||
{{- $serviceAccountName := "ceph-mds" }}
|
||||
{{ tuple $envAll "mds" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.deployment_mgr (and .Values.deployment.ceph .Values.conf.features.mgr ) }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mgr"}}
|
||||
{{- $serviceAccountName := "ceph-mgr" }}
|
||||
{{ tuple $envAll "mgr" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-client-bootstrap"}}
|
||||
{{- $serviceAccountName := "ceph-client-bootstrap" }}
|
||||
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.service_mgr ( and .Values.deployment.ceph .Values.conf.features.mgr )}}
|
||||
{{- if and .Values.manifests.service_mgr ( and .Values.deployment.ceph .Values.conf.features.mgr ) }}
|
||||
{{- $envAll := . }}
|
||||
{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.ceph_mgr }}
|
||||
---
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.daemonset_mon .Values.deployment.ceph }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mon"}}
|
||||
{{- $serviceAccountName := "ceph-mon" }}
|
||||
{{ tuple $envAll "mon" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.deployment_moncheck .Values.deployment.ceph }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mon-check"}}
|
||||
{{- $serviceAccountName := "ceph-mon-check" }}
|
||||
{{ tuple $envAll "moncheck" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-bootstrap"}}
|
||||
{{- $serviceAccountName := "ceph-bootstrap" }}
|
||||
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ spec:
|
|||
value: /tmp
|
||||
- name: CEPH_TEMPLATES_DIR
|
||||
value: /tmp/templates
|
||||
{{- if eq $cephBootstrapKey "mon"}}
|
||||
{{- if eq $cephBootstrapKey "mon" }}
|
||||
- name: CEPH_KEYRING_NAME
|
||||
value: ceph.mon.keyring
|
||||
- name: CEPH_KEYRING_TEMPLATE
|
||||
|
|
|
|||
|
|
@ -350,7 +350,7 @@ spec:
|
|||
{{- if .Values.manifests.daemonset_osd }}
|
||||
{{- $daemonset := "osd" }}
|
||||
{{- $configMapName := "ceph-osd-etc" }}
|
||||
{{- $serviceAccountName := "ceph-osd"}}
|
||||
{{- $serviceAccountName := "ceph-osd" }}
|
||||
{{ tuple . "osd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "ceph.osd.daemonset" | toString | fromYaml }}
|
||||
{{- $configmap_yaml := "ceph.osd.configmap.etc" }}
|
||||
|
|
|
|||
|
|
@ -284,7 +284,7 @@ limitations under the License.
|
|||
{{- $_ := set $context.Values "__tmpYAML" dict }}
|
||||
|
||||
{{ $dsNodeName := index $context.Values.__daemonset_yaml.metadata "name" }}
|
||||
{{ $localDsNodeName := print (trunc 54 $current_dict.dns_1123_name) "-" (print $dsNodeName $k | quote | sha256sum | trunc 8)}}
|
||||
{{ $localDsNodeName := print (trunc 54 $current_dict.dns_1123_name) "-" (print $dsNodeName $k | quote | sha256sum | trunc 8) }}
|
||||
{{- if not $context.Values.__tmpYAML.metadata }}{{- $_ := set $context.Values.__tmpYAML "metadata" dict }}{{- end }}
|
||||
{{- $_ := set $context.Values.__tmpYAML.metadata "name" $localDsNodeName }}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-client-bootstrap"}}
|
||||
{{- $serviceAccountName := "ceph-client-bootstrap" }}
|
||||
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.deployment_rgw ( and .Values.deployment.ceph .Values.conf.features.rgw ) }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-rgw"}}
|
||||
{{- $serviceAccountName := "ceph-rgw" }}
|
||||
{{ tuple $envAll "rgw" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ limitations under the License.
|
|||
|
||||
{{- $esUserSecret := .Values.secrets.elasticsearch.user }}
|
||||
|
||||
{{- $serviceAccountName := "elastic-curator"}}
|
||||
{{- $serviceAccountName := "elastic-curator" }}
|
||||
{{ tuple $envAll "curator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1beta1
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ limitations under the License.
|
|||
|
||||
{{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-client"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-client" }}
|
||||
{{ tuple $envAll "elasticsearch_client" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ limitations under the License.
|
|||
|
||||
{{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }}
|
||||
|
||||
{{- $serviceAccountName := "elasticsearch-master"}}
|
||||
{{- $serviceAccountName := "elasticsearch-master" }}
|
||||
{{ tuple $envAll "elasticsearch_master" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ limitations under the License.
|
|||
|
||||
{{- $mounts_elasticsearch := .Values.pod.mounts.elasticsearch.elasticsearch }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-data"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "elasticsearch-data" }}
|
||||
{{ tuple $envAll "elasticsearch_data" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.daemonset_kube_flannel_ds }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "flannel"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "flannel" }}
|
||||
{{ tuple $envAll "flannel" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: ClusterRole
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ spec:
|
|||
- /tmp/fluent-bit.sh
|
||||
env:
|
||||
- name: FLUENTD_HOST
|
||||
value: {{ tuple "fluentd" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote}}
|
||||
value: {{ tuple "fluentd" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
|
||||
- name: FLUENTD_PORT
|
||||
value: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
|
||||
volumeMounts:
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ limitations under the License.
|
|||
{{- $mounts_elasticsearch_template := .Values.pod.mounts.elasticsearch_template.elasticsearch_template }}
|
||||
{{- $mounts_elasticsearch_template_init := .Values.pod.mounts.elasticsearch_template.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "fluent-logging-elasticsearch-template"}}
|
||||
{{- $serviceAccountName := "fluent-logging-elasticsearch-template" }}
|
||||
{{ tuple $envAll "elasticsearch_template" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ limitations under the License.
|
|||
{{ $fluentd_metrics_path := "api/plugins.json" }}
|
||||
{{ $fluentd_metrics_host := printf "http://%s/%s" $fluentd_host $fluentd_metrics_path }}
|
||||
|
||||
{{- $serviceAccountName := "prometheus-fluentd-exporter"}}
|
||||
{{- $serviceAccountName := "prometheus-fluentd-exporter" }}
|
||||
{{ tuple $envAll "prometheus_fluentd_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -5485,7 +5485,7 @@ conf:
|
|||
- expr: irate(ceph_pool_rd{pool_id=~"$pool",application="ceph",release_group="$ceph_cluster"}[3m])
|
||||
interval: "$interval"
|
||||
intervalFactor: 1
|
||||
legendFormat: Read - {{ $pool_name}}
|
||||
legendFormat: Read - {{ $pool_name }}
|
||||
refId: B
|
||||
step: 60
|
||||
- expr: irate(ceph_pool_wr{pool_id=~"$pool",application="ceph",release_group="$ceph_cluster"}[3m])
|
||||
|
|
@ -14797,7 +14797,7 @@ conf:
|
|||
format: time_series
|
||||
interval: ''
|
||||
intervalFactor: 2
|
||||
legendFormat: "{{ upstream}}"
|
||||
legendFormat: "{{ upstream }}"
|
||||
metric: nginx_upstream_requests
|
||||
refId: A
|
||||
step: 10
|
||||
|
|
@ -14938,7 +14938,7 @@ conf:
|
|||
- expr: sum(irate(nginx_connections_total[5m])) by (type)
|
||||
format: time_series
|
||||
intervalFactor: 2
|
||||
legendFormat: "{{ type}}"
|
||||
legendFormat: "{{ type }}"
|
||||
metric: nginx_server_connections
|
||||
refId: A
|
||||
step: 10
|
||||
|
|
@ -15080,7 +15080,7 @@ conf:
|
|||
format: time_series
|
||||
interval: ''
|
||||
intervalFactor: 2
|
||||
legendFormat: "{{ server_zone}}"
|
||||
legendFormat: "{{ server_zone }}"
|
||||
metric: nginx_server_requests
|
||||
refId: A
|
||||
step: 10
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ return: |
|
|||
{{- $typeYamlSafe := $type | replace "-" "_" }}
|
||||
{{- $endpointMap := index $context.Values.endpoints $typeYamlSafe }}
|
||||
{{- with $endpointMap -}}
|
||||
{{- $endpointName := index .hosts $endpoint | default .hosts.default}}
|
||||
{{- $endpointName := index .hosts $endpoint | default .hosts.default }}
|
||||
{{- $endpointNamespace := .namespace | default $context.Release.Namespace }}
|
||||
{{- if regexMatch "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+" $endpointName }}
|
||||
{{- if .service.name }}
|
||||
|
|
|
|||
|
|
@ -172,9 +172,9 @@ metadata:
|
|||
{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }}
|
||||
spec:
|
||||
rules:
|
||||
{{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix)}}
|
||||
{{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }}
|
||||
{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }}
|
||||
{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}}
|
||||
{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }}
|
||||
{{- range $key2, $ingressController := tuple "namespace" "cluster" }}
|
||||
|
|
@ -202,7 +202,7 @@ spec:
|
|||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4}}
|
||||
{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.deployment_error }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ingress-error-pages"}}
|
||||
{{- $serviceAccountName := "ingress-error-pages" }}
|
||||
{{ tuple $envAll "error_pages" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ set -ex
|
|||
curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
|
||||
-XPOST "${ELASTICSEARCH_ENDPOINT}/.kibana/index-pattern/{{ . }}-*" -H 'Content-Type: application/json' \
|
||||
-d '{"title":"{{ . }}-*","timeFieldName":"@timestamp","notExpandable":true}'
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
|
||||
-XPOST "${ELASTICSEARCH_ENDPOINT}/.kibana/config/5.6.4" -H 'Content-Type: application/json' \
|
||||
-d '{"defaultIndex" : "{{ .Values.conf.create_kibana_indexes.default_index }}-*"}'
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ worker_processes {{ $cfg.WorkerProcesses }};
|
|||
pid /run/nginx.pid;
|
||||
{{ if ne .MaxOpenFiles 0 }}
|
||||
worker_rlimit_nofile {{ .MaxOpenFiles }};
|
||||
{{ end}}
|
||||
{{ end }}
|
||||
|
||||
{{/* http://nginx.org/en/docs/ngx_core_module.html#worker_shutdown_timeout */}}
|
||||
{{/* avoid waiting too long during a reload */}}
|
||||
|
|
@ -228,7 +228,7 @@ http {
|
|||
{{ else }}
|
||||
default "$http_x_forwarded_for, $realip_remote_addr";
|
||||
'' "$realip_remote_addr";
|
||||
{{ end}}
|
||||
{{ end }}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
|
|
@ -581,15 +581,15 @@ stream {
|
|||
{{ $all := .First }}
|
||||
{{ $server := .Second }}
|
||||
{{ range $address := $all.Cfg.BindAddressIpv4 }}
|
||||
listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}};
|
||||
listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }};
|
||||
{{ else }}
|
||||
listen {{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}};
|
||||
listen {{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }};
|
||||
{{ end }}
|
||||
{{ if $all.IsIPV6Enabled }}
|
||||
{{ range $address := $all.Cfg.BindAddressIpv6 }}
|
||||
listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }};
|
||||
listen {{ $address }}:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }};
|
||||
{{ else }}
|
||||
listen [::]:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }};
|
||||
listen [::]:{{ $all.ListenPorts.HTTP }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }};
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
set $proxy_upstream_name "-";
|
||||
|
|
@ -598,22 +598,22 @@ stream {
|
|||
{{/* This listener must always have proxy_protocol enabled, because the SNI listener forwards on source IP info in it. */}}
|
||||
{{ if not (empty $server.SSLCertificate) }}
|
||||
{{ range $address := $all.Cfg.BindAddressIpv4 }}
|
||||
listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol {{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol {{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} {{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
{{ else }}
|
||||
listen {{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol {{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
listen {{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol {{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }} {{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
{{ end }}
|
||||
{{ if $all.IsIPV6Enabled }}
|
||||
{{ range $address := $all.Cfg.BindAddressIpv6 }}
|
||||
{{ if not (empty $server.SSLCertificate) }}listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
{{ if not (empty $server.SSLCertificate) }}listen {{ $address }}:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}{{ end }} {{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
{{ else }}
|
||||
{{ if not (empty $server.SSLCertificate) }}listen [::]:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}{{ end }} {{ if eq $server.Hostname "_"}} default_server reuseport backlog={{ $all.BacklogSize }}{{end}} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
{{ if not (empty $server.SSLCertificate) }}listen [::]:{{ if $all.IsSSLPassthroughEnabled }}{{ $all.ListenPorts.SSLProxy }} proxy_protocol{{ else }}{{ $all.ListenPorts.HTTPS }}{{ if $all.Cfg.UseProxyProtocol }} proxy_protocol{{ end }}{{ end }}{{ end }} {{ if eq $server.Hostname "_" }} default_server reuseport backlog={{ $all.BacklogSize }}{{ end }} ssl {{ if $all.Cfg.UseHTTP2 }}http2{{ end }};
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{/* comment PEM sha is required to detect changes in the generated configuration and force a reload */}}
|
||||
# PEM sha: {{ $server.SSLPemChecksum }}
|
||||
ssl_certificate {{ $server.SSLCertificate }};
|
||||
ssl_certificate_key {{ $server.SSLCertificate }};
|
||||
{{ if not (empty $server.SSLFullChainCertificate)}}
|
||||
{{ if not (empty $server.SSLFullChainCertificate) }}
|
||||
ssl_trusted_certificate {{ $server.SSLFullChainCertificate }};
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
|
@ -630,7 +630,7 @@ stream {
|
|||
ssl_client_certificate {{ $server.CertificateAuth.CAFileName }};
|
||||
ssl_verify_client {{ $server.CertificateAuth.VerifyClient }};
|
||||
ssl_verify_depth {{ $server.CertificateAuth.ValidationDepth }};
|
||||
{{ if not (empty $server.CertificateAuth.ErrorPage)}}
|
||||
{{ if not (empty $server.CertificateAuth.ErrorPage) }}
|
||||
error_page 495 496 = {{ $server.CertificateAuth.ErrorPage }};
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
@ -643,7 +643,7 @@ stream {
|
|||
{{ $path := buildLocation $location }}
|
||||
{{ $authPath := buildAuthLocation $location }}
|
||||
|
||||
{{ if not (empty $location.Rewrite.AppRoot)}}
|
||||
{{ if not (empty $location.Rewrite.AppRoot) }}
|
||||
if ($uri = /) {
|
||||
return 302 {{ $location.Rewrite.AppRoot }};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.deployment_error }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "mariadb-ingress-error-pages"}}
|
||||
{{- $serviceAccountName := "mariadb-ingress-error-pages" }}
|
||||
{{ tuple $envAll "error_pages" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "prometheus-mysql-exporter"}}
|
||||
{{- $serviceAccountName := "prometheus-mysql-exporter" }}
|
||||
{{ tuple $envAll "prometheus_mysql_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ limitations under the License.
|
|||
{{- range $object := $objects }}
|
||||
{{ range $config := $object }}
|
||||
define {{ $type }} {
|
||||
{{- range $key, $value := $config}}
|
||||
{{- range $key, $value := $config }}
|
||||
{{ $key }} {{ $value }}
|
||||
{{- end }}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.deployment }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "nfs-provisioner"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "nfs-provisioner" }}
|
||||
{{ tuple $envAll "nfs" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: ClusterRole
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ limitations under the License.
|
|||
|
||||
{{- if .Values.manifests.clusterrolebinding }}
|
||||
{{- $envAll := . }}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "alertmanager"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "alertmanager" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ limitations under the License.
|
|||
{{- $mounts_alertmanager := .Values.pod.mounts.alertmanager.alertmanager }}
|
||||
{{- $mounts_alertmanager_init := .Values.pod.mounts.alertmanager.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "alertmanager"}}
|
||||
{{- $serviceAccountName := "alertmanager" }}
|
||||
{{ tuple $envAll "alertmanager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.deployment }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "kube-state-metrics"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "kube-state-metrics" }}
|
||||
{{ tuple $envAll "kube_state_metrics" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.daemonset }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "node-exporter"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "node-exporter" }}
|
||||
{{ tuple $envAll "node_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.daemonset }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "process-exporter"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "process-exporter" }}
|
||||
{{ tuple $envAll "process_exporter" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ limitations under the License.
|
|||
{{- $mounts_prometheus_init := .Values.pod.mounts.prometheus.init_container }}
|
||||
{{- $promUserSecret := .Values.secrets.prometheus.admin }}
|
||||
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "prometheus"}}
|
||||
{{- $serviceAccountName := printf "%s-%s" .Release.Name "prometheus" }}
|
||||
{{ tuple $envAll "prometheus" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
|
|
|
|||
|
|
@ -1072,7 +1072,7 @@ conf:
|
|||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
description: Reloading Alertmanager's configuration has failed for {{ $labels.namespace }}/{{ $labels.pod}}.
|
||||
description: Reloading Alertmanager's configuration has failed for {{ $labels.namespace }}/{{ $labels.pod }}.
|
||||
summary: Alertmanager configuration reload has failed
|
||||
etcd3:
|
||||
groups:
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.deployment }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "redis"}}
|
||||
{{- $serviceAccountName := "redis" }}
|
||||
{{ tuple $envAll "redis" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.daemonset_registry_proxy }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "docker-registry-proxy"}}
|
||||
{{- $serviceAccountName := "docker-registry-proxy" }}
|
||||
{{ tuple $envAll "registry_proxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
{{- if .Values.manifests.deployment_registry }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "docker-registry"}}
|
||||
{{- $serviceAccountName := "docker-registry" }}
|
||||
{{ tuple $envAll "registry" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ limitations under the License.
|
|||
{{- $envAll := . }}
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
|
||||
{{- $serviceAccountName := "docker-bootstrap"}}
|
||||
{{- $serviceAccountName := "docker-bootstrap" }}
|
||||
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
|
|
|
|||
Loading…
Reference in New Issue