2022-09-22 22:05:40 +00:00
|
|
|
{{- define "k8sgateway.container" -}}
|
2023-03-06 21:50:19 +00:00
|
|
|
enabled: true
|
|
|
|
imageSelector: k8sgatewayImage
|
2022-09-22 22:05:40 +00:00
|
|
|
securityContext:
|
|
|
|
runAsUser: 0
|
|
|
|
runAsGroup: 0
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
args: ["-conf", "/etc/coredns/Corefile"]
|
2023-03-06 21:50:19 +00:00
|
|
|
probes:
|
2023-03-04 12:42:14 +00:00
|
|
|
readiness:
|
2023-03-06 21:50:19 +00:00
|
|
|
enabled: true
|
|
|
|
path: /ready
|
|
|
|
port: 8181
|
2023-03-04 12:42:14 +00:00
|
|
|
liveness:
|
2023-03-06 21:50:19 +00:00
|
|
|
enabled: true
|
|
|
|
path: /health
|
|
|
|
port: 8080
|
2023-03-04 12:42:14 +00:00
|
|
|
startup:
|
2023-03-06 21:50:19 +00:00
|
|
|
enabled: true
|
|
|
|
path: /ready
|
|
|
|
port: 8181
|
2022-09-22 22:05:40 +00:00
|
|
|
{{- end -}}
|
|
|
|
|
|
|
|
{{/*
|
|
|
|
Create the matchable regex from domain
|
|
|
|
*/}}
|
|
|
|
{{- define "k8sgateway.configmap.regex" -}}
|
2022-09-24 18:49:03 +00:00
|
|
|
{{- if .dnsChallenge.domain }}
|
|
|
|
{{- .dnsChallenge.domain | replace "." "[.]" -}}
|
2022-09-22 22:05:40 +00:00
|
|
|
{{- else -}}
|
|
|
|
{{ "unset" }}
|
|
|
|
{{- end }}
|
|
|
|
{{- end -}}
|
|
|
|
|
|
|
|
{{/* Define the configmap */}}
|
|
|
|
{{- define "k8sgateway.configmap" -}}
|
|
|
|
{{- $values := .Values.k8sgateway }}
|
2023-03-04 12:42:14 +00:00
|
|
|
{{- $fqdn := ( include "tc.v1.common.lib.chart.names.fqdn" . ) }}
|
|
|
|
enabled: true
|
2022-09-22 22:05:40 +00:00
|
|
|
data:
|
2023-06-05 07:08:22 +00:00
|
|
|
Corefile: |
|
2022-09-22 22:05:40 +00:00
|
|
|
.:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} {
|
|
|
|
errors
|
|
|
|
log
|
|
|
|
health {
|
|
|
|
lameduck 5s
|
|
|
|
}
|
|
|
|
ready
|
|
|
|
{{- range .Values.k8sgateway.domains }}
|
|
|
|
{{- if .dnsChallenge.enabled }}
|
2023-06-05 07:08:22 +00:00
|
|
|
{{- if not .dnsChallenge.domain -}}
|
|
|
|
{{- fail "DNS01 challenge domain is mandatory" -}}
|
|
|
|
{{- end }}
|
|
|
|
|
2022-09-24 18:49:03 +00:00
|
|
|
template IN ANY {{ required "Delegated domain ('domain') is mandatory" .domain }} {
|
2022-09-22 22:05:40 +00:00
|
|
|
match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}"
|
2023-06-05 07:08:22 +00:00
|
|
|
{{- $name := "{{ \"{{ .Name }}\" }}" }}
|
|
|
|
{{- $index := "{{ \"{{ index .Match 1 }}\" }}" }}
|
|
|
|
answer "{{ $name }} 5 IN CNAME {{ $index }}.{{ .dnsChallenge.domain }}"
|
2022-09-22 22:05:40 +00:00
|
|
|
fallthrough
|
|
|
|
}
|
|
|
|
{{- end }}
|
2023-02-22 09:13:26 +00:00
|
|
|
{{- end }}
|
|
|
|
k8s_gateway {{ range .Values.k8sgateway.domains }}"{{ required "Delegated domain ('domain') is mandatory " .domain }}"{{ end }} {
|
2022-09-22 22:05:40 +00:00
|
|
|
apex {{ $values.apex | default $fqdn }}
|
|
|
|
ttl {{ $values.ttl }}
|
|
|
|
{{- if $values.secondary }}
|
|
|
|
secondary {{ $values.secondary }}
|
|
|
|
{{- end }}
|
|
|
|
{{- if $values.watchedResources }}
|
|
|
|
resources {{ join " " $values.watchedResources }}
|
|
|
|
{{- end }}
|
|
|
|
fallthrough
|
|
|
|
}
|
2023-02-22 09:13:26 +00:00
|
|
|
|
2022-09-22 22:05:40 +00:00
|
|
|
prometheus 0.0.0.0:9153
|
|
|
|
{{- if .Values.k8sgateway.forward.enabled }}
|
|
|
|
forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} {
|
|
|
|
{{- range .Values.k8sgateway.forward.options }}
|
|
|
|
{{ .name }} {{ .value }}
|
|
|
|
{{- end }}
|
|
|
|
}
|
|
|
|
{{- else }}
|
|
|
|
forward . 1.1.1.1
|
|
|
|
{{- end }}
|
|
|
|
loop
|
|
|
|
reload
|
|
|
|
loadbalance
|
|
|
|
}
|
|
|
|
{{- end -}}
|