Your commit message

zeaslity
2024-11-27 10:33:20 +08:00
commit 080c7bb97f
911 changed files with 168439 additions and 0 deletions


@@ -0,0 +1,20 @@
Traefik Proxy {{ .Chart.AppVersion }} has been deployed successfully
on {{ template "traefik.namespace" . }} namespace !
{{- if .Values.hub.enabled }}
{{- if coalesce (ne (include "traefik.namespace" .) "hub-agent") .Values.hub.tunnelPort (ne (.Values.ports.metrics.port | int) 9100) }}
Traefik Hub integration is enabled ! With your specific parameters,
`metricsURL`, `tunnelHost` and `tunnelPort` needs to be set accordingly
on hub-agent Helm Chart. Based on this Chart, it should be:
--set controllerDeployment.traefik.metricsURL=traefik-hub.{{ template "traefik.namespace" . }}.svc.cluster.local:{{ .Values.ports.metrics.port }}/metrics
--set tunnelDeployment.traefik.tunnelHost=traefik-hub.{{ template "traefik.namespace" . }}.svc.cluster.local
--set tunnelDeployment.traefik.tunnelPort={{ default 9901 .Values.hub.tunnelPort }}
See https://doc.traefik.io/traefik-hub/install/#traefik-hub-agent-install-with-helmchart
{{- end }}
{{- end }}


@@ -0,0 +1,123 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "traefik.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "traefik.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the chart image name.
*/}}
{{- define "traefik.image-name" -}}
{{- printf "%s:%s" .Values.image.name (.Values.image.tag | default .Chart.AppVersion) }}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "traefik.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Allow customization of the instance label value.
*/}}
{{- define "traefik.instance-name" -}}
{{- default (printf "%s-%s" .Release.Name .Release.Namespace) .Values.instanceLabelOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Shared labels used for selector*/}}
{{/* This is an immutable field: this should not change between upgrade */}}
{{- define "traefik.labelselector" -}}
app.kubernetes.io/name: {{ template "traefik.name" . }}
app.kubernetes.io/instance: {{ template "traefik.instance-name" . }}
{{- end }}
{{/* Shared labels used in metada */}}
{{- define "traefik.labels" -}}
{{ include "traefik.labelselector" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Construct the namespace for all namespaced resources
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
Preserve the default behavior of the Release namespace if no override is provided
*/}}
{{- define "traefik.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
The name of the service account to use
*/}}
{{- define "traefik.serviceAccountName" -}}
{{- default (include "traefik.fullname" .) .Values.serviceAccount.name -}}
{{- end -}}
{{/*
The name of the ClusterRole and ClusterRoleBinding to use.
Adds the namespace to name to prevent duplicate resource names when there
are multiple namespaced releases with the same release name.
*/}}
{{- define "traefik.clusterRoleName" -}}
{{- (printf "%s-%s" (include "traefik.fullname" .) .Release.Namespace) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{/*
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
By convention this will simply use the <namespace>/<service-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
*/}}
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "traefik.fullname" .) -}}
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct a comma-separated list of whitelisted namespaces
*/}}
{{- define "providers.kubernetesIngress.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
{{- end -}}
{{- define "providers.kubernetesCRD.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
{{- end -}}
{{/*
Renders a complete tree, even values that contains template.
*/}}
{{- define "traefik.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{ else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}
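Review bot: `providers.kubernetesIngress.namespaces` and `providers.kubernetesCRD.namespaces` fall back to `.Release.Namespace`, as do `traefik.clusterRoleName` and the published-service path, while `traefik.namespace` honours `.Values.namespaceOverride`. The DaemonSet and dashboard route in this commit place their resources through `traefik.namespace`, so with an override and no explicit namespace list the providers would presumably be scoped to a namespace Traefik is not deployed in, which undercuts a namespaced RBAC setup. Consider `default (include "traefik.namespace" .) (join "," .Values.providers.kubernetesIngress.namespaces)` in both helpers. `providers.kubernetesCRD.namespaces` also lacks the doc comment its sibling has; `{{/* Construct a comma-separated list of namespaces watched by the CRD provider */}}` would do.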


@@ -0,0 +1,614 @@
{{- define "traefik.podTemplate" }}
metadata:
annotations:
{{- with .Values.deployment.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.metrics }}
{{- if .Values.metrics.prometheus }}
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: {{ quote (index .Values.ports .Values.metrics.prometheus.entryPoint).port }}
{{- end }}
{{- end }}
labels:
{{- include "traefik.labels" . | nindent 8 -}}
{{- with .Values.deployment.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.deployment.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "traefik.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ default 60 .Values.deployment.terminationGracePeriodSeconds }}
hostNetwork: {{ .Values.hostNetwork }}
{{- with .Values.deployment.dnsPolicy }}
dnsPolicy: {{ . }}
{{- end }}
{{- with .Values.deployment.initContainers }}
initContainers:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.deployment.shareProcessNamespace }}
shareProcessNamespace: true
{{- end }}
containers:
- image: {{ template "traefik.image-name" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: {{ template "traefik.fullname" . }}
resources:
{{- with .Values.resources }}
{{- toYaml . | nindent 10 }}
{{- end }}
readinessProbe:
httpGet:
path: /ping
port: {{ default .Values.ports.traefik.port .Values.ports.traefik.healthchecksPort }}
scheme: {{ default "HTTP" .Values.ports.traefik.healthchecksScheme }}
{{- toYaml .Values.readinessProbe | nindent 10 }}
livenessProbe:
httpGet:
path: /ping
port: {{ default .Values.ports.traefik.port .Values.ports.traefik.healthchecksPort }}
scheme: {{ default "HTTP" .Values.ports.traefik.healthchecksScheme }}
{{- toYaml .Values.livenessProbe | nindent 10 }}
lifecycle:
{{- with .Values.deployment.lifecycle }}
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
{{- $hostNetwork := .Values.hostNetwork }}
{{- range $name, $config := .Values.ports }}
{{- if $config }}
{{- if and $hostNetwork (and $config.hostPort $config.port) }}
{{- if ne ($config.hostPort | int) ($config.port | int) }}
{{- fail "ERROR: All hostPort must match their respective containerPort when `hostNetwork` is enabled" }}
{{- end }}
{{- end }}
- name: {{ $name | quote }}
containerPort: {{ $config.port }}
{{- if $config.hostPort }}
hostPort: {{ $config.hostPort }}
{{- end }}
{{- if $config.hostIP }}
hostIP: {{ $config.hostIP }}
{{- end }}
protocol: {{ default "TCP" $config.protocol | quote }}
{{- end }}
{{- end }}
{{- if .Values.hub.enabled }}
- name: "traefikhub-tunl"
containerPort: {{ default 9901 .Values.hub.tunnelPort }}
protocol: "TCP"
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
- name: {{ .Values.persistence.name }}
mountPath: {{ .Values.persistence.path }}
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
- name: tmp
mountPath: /tmp
{{- $root := . }}
{{- range .Values.volumes }}
- name: {{ tpl (.name) $root | replace "." "-" }}
mountPath: {{ .mountPath }}
readOnly: true
{{- end }}
{{- if .Values.experimental.plugins.enabled }}
- name: plugins
mountPath: "/plugins-storage"
{{- end }}
{{- if .Values.additionalVolumeMounts }}
{{- toYaml .Values.additionalVolumeMounts | nindent 10 }}
{{- end }}
args:
{{- with .Values.globalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- range $name, $config := .Values.ports }}
{{- if $config }}
- "--entrypoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
{{- end }}
{{- end }}
- "--api.dashboard=true"
- "--ping=true"
{{- if .Values.metrics }}
{{- with .Values.metrics.datadog }}
- "--metrics.datadog=true"
{{- with .address }}
- "--metrics.datadog.address={{ . }}"
{{- end }}
{{- with .pushInterval }}
- "--metrics.datadog.pushInterval={{ . }}"
{{- end }}
{{- with .prefix }}
- "--metrics.datadog.prefix={{ . }}"
{{- end }}
{{- if .addRoutersLabels}}
- "--metrics.datadog.addRoutersLabels=true"
{{- end }}
{{- if eq (.addEntryPointsLabels | toString) "false" }}
- "--metrics.datadog.addEntryPointsLabels=false"
{{- end }}
{{- if eq (.addServicesLabels | toString) "false" }}
- "--metrics.datadog.addServicesLabels=false"
{{- end }}
{{- end }}
{{- with .Values.metrics.influxdb }}
- "--metrics.influxdb=true"
- "--metrics.influxdb.address={{ .address }}"
- "--metrics.influxdb.protocol={{ .protocol }}"
{{- with .database }}
- "--metrics.influxdb.database={{ . }}"
{{- end }}
{{- with .retentionPolicy }}
- "--metrics.influxdb.retentionPolicy={{ . }}"
{{- end }}
{{- with .username }}
- "--metrics.influxdb.username={{ . }}"
{{- end }}
{{- with .password }}
- "--metrics.influxdb.password={{ . }}"
{{- end }}
{{- with .pushInterval }}
- "--metrics.influxdb.pushInterval={{ . }}"
{{- end }}
{{- range $name, $value := .additionalLabels }}
- "--metrics.influxdb.additionalLabels.{{ $name }}={{ $value }}"
{{- end }}
{{- if .addRoutersLabels}}
- "--metrics.influxdb.addRoutersLabels=true"
{{- end }}
{{- if eq (.addEntryPointsLabels | toString) "false" }}
- "--metrics.influxdb.addEntryPointsLabels=false"
{{- end }}
{{- if eq (.addServicesLabels | toString) "false" }}
- "--metrics.influxdb.addServicesLabels=false"
{{- end }}
{{- end }}
{{- with .Values.metrics.influxdb2 }}
- "--metrics.influxdb2=true"
- "--metrics.influxdb2.address={{ .address }}"
- "--metrics.influxdb2.token={{ .token }}"
- "--metrics.influxdb2.org={{ .org }}"
- "--metrics.influxdb2.bucket={{ .bucket }}"
{{- with .pushInterval }}
- "--metrics.influxdb2.pushInterval={{ . }}"
{{- end }}
{{- range $name, $value := .additionalLabels }}
- "--metrics.influxdb2.additionalLabels.{{ $name }}={{ $value }}"
{{- end }}
{{- if .addRoutersLabels}}
- "--metrics.influxdb2.addRoutersLabels=true"
{{- end }}
{{- if eq (.addEntryPointsLabels | toString) "false" }}
- "--metrics.influxdb2.addEntryPointsLabels=false"
{{- end }}
{{- if eq (.addServicesLabels | toString) "false" }}
- "--metrics.influxdb2.addServicesLabels=false"
{{- end }}
{{- end }}
{{- if (or .Values.metrics.prometheus .Values.hub.enabled) }}
- "--metrics.prometheus=true"
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
{{- if (or (eq (.Values.metrics.prometheus.addRoutersLabels | toString) "true") .Values.hub.enabled) }}
- "--metrics.prometheus.addRoutersLabels=true"
{{- end }}
{{- if eq (.Values.metrics.prometheus.addEntryPointsLabels | toString) "false" }}
- "--metrics.prometheus.addEntryPointsLabels=false"
{{- end }}
{{- if eq (.Values.metrics.prometheus.addServicesLabels| toString) "false" }}
- "--metrics.prometheus.addServicesLabels=false"
{{- end }}
{{- if .Values.metrics.prometheus.buckets }}
- "--metrics.prometheus.buckets={{ .Values.metrics.prometheus.buckets }}"
{{- end }}
{{- if .Values.metrics.prometheus.manualRouting }}
- "--metrics.prometheus.manualrouting=true"
{{- end }}
{{- end }}
{{- with .Values.metrics.statsd }}
- "--metrics.statsd=true"
- "--metrics.statsd.address={{ .address }}"
{{- with .pushInterval }}
- "--metrics.statsd.pushInterval={{ . }}"
{{- end }}
{{- with .prefix }}
- "--metrics.statsd.prefix={{ . }}"
{{- end }}
{{- if .addRoutersLabels}}
- "--metrics.statsd.addRoutersLabels=true"
{{- end }}
{{- if eq (.addEntryPointsLabels | toString) "false" }}
- "--metrics.statsd.addEntryPointsLabels=false"
{{- end }}
{{- if eq (.addServicesLabels | toString) "false" }}
- "--metrics.statsd.addServicesLabels=false"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.tracing }}
{{- if .Values.tracing.instana }}
- "--tracing.instana=true"
{{- if .Values.tracing.instana.localAgentHost }}
- "--tracing.instana.localAgentHost={{ .Values.tracing.instana.localAgentHost }}"
{{- end }}
{{- if .Values.tracing.instana.localAgentPort }}
- "--tracing.instana.localAgentPort={{ .Values.tracing.instana.localAgentPort }}"
{{- end }}
{{- if .Values.tracing.instana.logLevel }}
- "--tracing.instana.logLevel={{ .Values.tracing.instana.logLevel }}"
{{- end }}
{{- if .Values.tracing.instana.enableAutoProfile }}
- "--tracing.instana.enableAutoProfile={{ .Values.tracing.instana.enableAutoProfile }}"
{{- end }}
{{- end }}
{{- if .Values.tracing.datadog }}
- "--tracing.datadog=true"
{{- if .Values.tracing.datadog.localAgentHostPort }}
- "--tracing.datadog.localAgentHostPort={{ .Values.tracing.datadog.localAgentHostPort }}"
{{- end }}
{{- if .Values.tracing.datadog.debug }}
- "--tracing.datadog.debug=true"
{{- end }}
{{- if .Values.tracing.datadog.globalTag }}
- "--tracing.datadog.globalTag={{ .Values.tracing.datadog.globalTag }}"
{{- end }}
{{- if .Values.tracing.datadog.prioritySampling }}
- "--tracing.datadog.prioritySampling=true"
{{- end }}
{{- end }}
{{- if .Values.tracing.jaeger }}
- "--tracing.jaeger=true"
{{- if .Values.tracing.jaeger.samplingServerURL }}
- "--tracing.jaeger.samplingServerURL={{ .Values.tracing.jaeger.samplingServerURL }}"
{{- end }}
{{- if .Values.tracing.jaeger.samplingType }}
- "--tracing.jaeger.samplingType={{ .Values.tracing.jaeger.samplingType }}"
{{- end }}
{{- if .Values.tracing.jaeger.samplingParam }}
- "--tracing.jaeger.samplingParam={{ .Values.tracing.jaeger.samplingParam }}"
{{- end }}
{{- if .Values.tracing.jaeger.localAgentHostPort }}
- "--tracing.jaeger.localAgentHostPort={{ .Values.tracing.jaeger.localAgentHostPort }}"
{{- end }}
{{- if .Values.tracing.jaeger.gen128Bit }}
- "--tracing.jaeger.gen128Bit={{ .Values.tracing.jaeger.gen128Bit }}"
{{- end }}
{{- if .Values.tracing.jaeger.propagation }}
- "--tracing.jaeger.propagation={{ .Values.tracing.jaeger.propagation }}"
{{- end }}
{{- if .Values.tracing.jaeger.traceContextHeaderName }}
- "--tracing.jaeger.traceContextHeaderName={{ .Values.tracing.jaeger.traceContextHeaderName }}"
{{- end }}
{{- if .Values.tracing.jaeger.disableAttemptReconnecting }}
- "--tracing.jaeger.disableAttemptReconnecting={{ .Values.tracing.jaeger.disableAttemptReconnecting }}"
{{- end }}
{{- if .Values.tracing.jaeger.collector }}
{{- if .Values.tracing.jaeger.collector.endpoint }}
- "--tracing.jaeger.collector.endpoint={{ .Values.tracing.jaeger.collector.endpoint }}"
{{- end }}
{{- if .Values.tracing.jaeger.collector.user }}
- "--tracing.jaeger.collector.user={{ .Values.tracing.jaeger.collector.user }}"
{{- end }}
{{- if .Values.tracing.jaeger.collector.password }}
- "--tracing.jaeger.collector.password={{ .Values.tracing.jaeger.collector.password }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.tracing.zipkin }}
- "--tracing.zipkin=true"
{{- if .Values.tracing.zipkin.httpEndpoint }}
- "--tracing.zipkin.httpEndpoint={{ .Values.tracing.zipkin.httpEndpoint }}"
{{- end }}
{{- if .Values.tracing.zipkin.sameSpan }}
- "--tracing.zipkin.sameSpan={{ .Values.tracing.zipkin.sameSpan }}"
{{- end }}
{{- if .Values.tracing.zipkin.id128Bit }}
- "--tracing.zipkin.id128Bit={{ .Values.tracing.zipkin.id128Bit }}"
{{- end }}
{{- if .Values.tracing.zipkin.sampleRate }}
- "--tracing.zipkin.sampleRate={{ .Values.tracing.zipkin.sampleRate }}"
{{- end }}
{{- end }}
{{- if .Values.tracing.haystack }}
- "--tracing.haystack=true"
{{- if .Values.tracing.haystack.localAgentHost }}
- "--tracing.haystack.localAgentHost={{ .Values.tracing.haystack.localAgentHost }}"
{{- end }}
{{- if .Values.tracing.haystack.localAgentPort }}
- "--tracing.haystack.localAgentPort={{ .Values.tracing.haystack.localAgentPort }}"
{{- end }}
{{- if .Values.tracing.haystack.globalTag }}
- "--tracing.haystack.globalTag={{ .Values.tracing.haystack.globalTag }}"
{{- end }}
{{- if .Values.tracing.haystack.traceIDHeaderName }}
- "--tracing.haystack.traceIDHeaderName={{ .Values.tracing.haystack.traceIDHeaderName }}"
{{- end }}
{{- if .Values.tracing.haystack.parentIDHeaderName }}
- "--tracing.haystack.parentIDHeaderName={{ .Values.tracing.haystack.parentIDHeaderName }}"
{{- end }}
{{- if .Values.tracing.haystack.spanIDHeaderName }}
- "--tracing.haystack.spanIDHeaderName={{ .Values.tracing.haystack.spanIDHeaderName }}"
{{- end }}
{{- if .Values.tracing.haystack.baggagePrefixHeaderName }}
- "--tracing.haystack.baggagePrefixHeaderName={{ .Values.tracing.haystack.baggagePrefixHeaderName }}"
{{- end }}
{{- end }}
{{- if .Values.tracing.elastic }}
- "--tracing.elastic=true"
{{- if .Values.tracing.elastic.serverURL }}
- "--tracing.elastic.serverURL={{ .Values.tracing.elastic.serverURL }}"
{{- end }}
{{- if .Values.tracing.elastic.secretToken }}
- "--tracing.elastic.secretToken={{ .Values.tracing.elastic.secretToken }}"
{{- end }}
{{- if .Values.tracing.elastic.serviceEnvironment }}
- "--tracing.elastic.serviceEnvironment={{ .Values.tracing.elastic.serviceEnvironment }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd"
{{- if .Values.providers.kubernetesCRD.labelSelector }}
- "--providers.kubernetescrd.labelSelector={{ .Values.providers.kubernetesCRD.labelSelector }}"
{{- end }}
{{- if .Values.providers.kubernetesCRD.ingressClass }}
- "--providers.kubernetescrd.ingressClass={{ .Values.providers.kubernetesCRD.ingressClass }}"
{{- end }}
{{- if (or .Values.providers.kubernetesCRD.allowCrossNamespace .Values.hub.enabled) }}
- "--providers.kubernetescrd.allowCrossNamespace=true"
{{- end }}
{{- if (or .Values.providers.kubernetesCRD.allowExternalNameServices .Values.hub.enabled) }}
- "--providers.kubernetescrd.allowExternalNameServices=true"
{{- end }}
{{- if .Values.providers.kubernetesCRD.allowEmptyServices }}
- "--providers.kubernetescrd.allowEmptyServices=true"
{{- end }}
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress"
{{- if .Values.providers.kubernetesIngress.allowExternalNameServices }}
- "--providers.kubernetesingress.allowExternalNameServices=true"
{{- end }}
{{- if .Values.providers.kubernetesIngress.allowEmptyServices }}
- "--providers.kubernetesingress.allowEmptyServices=true"
{{- end }}
{{- if and .Values.service.enabled .Values.providers.kubernetesIngress.publishedService.enabled }}
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.labelSelector }}
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.ingressClass }}
- "--providers.kubernetesingress.ingressClass={{ .Values.providers.kubernetesIngress.ingressClass }}"
{{- end }}
{{- end }}
{{- if .Values.experimental.kubernetesGateway.enabled }}
- "--providers.kubernetesgateway"
- "--experimental.kubernetesgateway"
{{- end }}
{{- with .Values.providers.kubernetesCRD }}
{{- if (and .enabled (or .namespaces (and $.Values.rbac.enabled $.Values.rbac.namespaced))) }}
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" $ }}"
{{- end }}
{{- end }}
{{- with .Values.providers.kubernetesIngress }}
{{- if (and .enabled (or .namespaces (and $.Values.rbac.enabled $.Values.rbac.namespaced))) }}
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" $ }}"
{{- end }}
{{- end }}
{{- range $entrypoint, $config := $.Values.ports }}
{{- if $config.redirectTo }}
{{- $toPort := index $.Values.ports $config.redirectTo }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- end }}
{{- if $config.middlewares }}
- "--entrypoints.{{ $entrypoint }}.http.middlewares={{ join "," $config.middlewares }}"
{{- end }}
{{- if $config.tls }}
{{- if $config.tls.enabled }}
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
{{- if $config.tls.options }}
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
{{- end }}
{{- if $config.tls.certResolver }}
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
{{- end }}
{{- if $config.tls.domains }}
{{- range $index, $domain := $config.tls.domains }}
{{- if $domain.main }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
{{- end }}
{{- if $domain.sans }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
{{- end }}
{{- end }}
{{- end }}
{{- if $config.http3 }}
{{- if $config.http3.enabled }}
- "--experimental.http3=true"
{{- if semverCompare ">=2.6.0" (default $.Chart.AppVersion $.Values.image.tag)}}
{{- if $config.http3.advertisedPort }}
- "--entrypoints.{{ $entrypoint }}.http3.advertisedPort={{ $config.http3.advertisedPort }}"
{{- else }}
- "--entrypoints.{{ $entrypoint }}.http3"
{{- end }}
{{- else }}
- "--entrypoints.{{ $entrypoint }}.enableHTTP3=true"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $config.forwardedHeaders }}
{{- if $config.forwardedHeaders.trustedIPs }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
{{- end }}
{{- if $config.forwardedHeaders.insecure }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
{{- end }}
{{- end }}
{{- if $config.proxyProtocol }}
{{- if $config.proxyProtocol.trustedIPs }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
{{- end }}
{{- if $config.proxyProtocol.insecure }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.logs }}
{{- if .general.format }}
- "--log.format={{ .general.format }}"
{{- end }}
{{- if ne .general.level "ERROR" }}
- "--log.level={{ .general.level | upper }}"
{{- end }}
{{- if .access.enabled }}
- "--accesslog=true"
{{- if .access.format }}
- "--accesslog.format={{ .access.format }}"
{{- end }}
{{- if .access.bufferingsize }}
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
{{- end }}
{{- if .access.filters }}
{{- if .access.filters.statuscodes }}
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
{{- end }}
{{- if .access.filters.retryattempts }}
- "--accesslog.filters.retryattempts"
{{- end }}
{{- if .access.filters.minduration }}
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
{{- end }}
{{- end }}
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
{{- end }}
{{- end }}
{{- range $resolver, $config := $.Values.certResolvers }}
{{- range $option, $setting := $config }}
{{- if kindIs "map" $setting }}
{{- range $field, $value := $setting }}
- "--certificatesresolvers.{{ $resolver }}.acme.{{ $option }}.{{ $field }}={{ if kindIs "slice" $value }}{{ join "," $value }}{{ else }}{{ $value }}{{ end }}"
{{- end }}
{{- else }}
- "--certificatesresolvers.{{ $resolver }}.acme.{{ $option }}={{ $setting }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.hub.enabled }}
- "--experimental.hub"
- "--hub"
{{- if .Values.hub.tunnelPort }}
- --entrypoints.traefikhub-tunl.address=:{{.Values.hub.tunnelPort}}
{{- end }}
{{- with .Values.hub.tls }}
{{- if (and .insecure (coalesce .ca .cert .key)) }}
{{- fail "ERROR: You cannot specify insecure and certs on TLS for Traefik Hub at the same time" }}
{{- end }}
{{- if .insecure }}
- "--hub.tls.insecure=true"
{{- end }}
{{- if .ca }}
- "--hub.tls.ca={{ .ca }}"
{{- end }}
{{- if .cert }}
- "--hub.tls.cert={{ .cert }}"
{{- end }}
{{- if .key }}
- "--hub.tls.key={{ .key }}"
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.additionalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- with .Values.env }}
env:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.deployment.additionalContainers }}
{{- toYaml .Values.deployment.additionalContainers | nindent 6 }}
{{- end }}
volumes:
- name: {{ .Values.persistence.name }}
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ default (include "traefik.fullname" .) .Values.persistence.existingClaim }}
{{- else }}
emptyDir: {}
{{- end }}
- name: tmp
emptyDir: {}
{{- $root := . }}
{{- range .Values.volumes }}
- name: {{ tpl (.name) $root | replace "." "-" }}
{{- if eq .type "secret" }}
secret:
secretName: {{ tpl (.name) $root }}
{{- else if eq .type "configMap" }}
configMap:
name: {{ tpl (.name) $root }}
{{- end }}
{{- end }}
{{- if .Values.deployment.additionalVolumes }}
{{- toYaml .Values.deployment.additionalVolumes | nindent 8 }}
{{- end }}
{{- if .Values.experimental.plugins.enabled }}
- name: plugins
emptyDir: {}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- tpl (toYaml .Values.affinity) . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
{{- if (semverCompare "<1.19.0-0" .Capabilities.KubeVersion.Version) }}
{{- fail "ERROR: topologySpreadConstraints are supported only on kubernetes >= v1.19" -}}
{{- end }}
topologySpreadConstraints:
{{- tpl (toYaml .Values.topologySpreadConstraints) . | nindent 8 }}
{{- end }}
{{ end -}}
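Review bot: Credentials are rendered straight into the container `args` (`--metrics.influxdb.password`, `--metrics.influxdb2.token`, `--tracing.jaeger.collector.password`, `--tracing.elastic.secretToken`), so they sit in plaintext in the pod spec and the stored release, readable by anyone allowed to get pods, and on the process command line. The template already renders `env` and `envFrom` further down; where Traefik accepts the setting from the environment, document that these values should come from a Secret reference there, and consider a `fail` or a NOTES warning when they are set inline. `--api.dashboard=true` is emitted unconditionally, so the dashboard API is on even when `ingressRoute.dashboard.enabled` is false; a values toggle would let hardened installs turn it off. The hub tunnel entry `- --entrypoints.traefikhub-tunl.address=:{{.Values.hub.tunnelPort}}` is the only unquoted item in the list and should be quoted like the rest.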


@@ -0,0 +1,48 @@
{{- define "traefik.service-internal-metadata" }}
labels:
{{- include "traefik.labels" . | nindent 4 -}}
{{- with .Values.service.internal.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- define "traefik.service-internal-spec" -}}
{{- $type := default "ClusterIP" .Values.service.internal.type }}
type: {{ $type }}
{{- with .Values.service.internal.spec }}
{{- toYaml . | nindent 2 }}
{{- end }}
selector:
{{- include "traefik.labelselector" . | nindent 4 }}
{{- if eq $type "LoadBalancer" }}
{{- with .Values.service.internal.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- end -}}
{{- with .Values.service.internal.externalIPs }}
externalIPs:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- with .Values.service.internal.ipFamilyPolicy }}
ipFamilyPolicy: {{ . }}
{{- end }}
{{- with .Values.service.internal.ipFamilies }}
ipFamilies:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- end }}
{{- define "traefik.service-internal-ports" }}
{{- range $name, $config := . }}
{{- if $config.expose }}
- port: {{ default $config.port $config.exposedPort }}
name: {{ $name | quote }}
targetPort: {{ $name }}
protocol: {{ default "TCP" $config.protocol }}
{{- if $config.nodePort }}
nodePort: {{ $config.nodePort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
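Review bot: `.Values.service.internal.spec` is dumped with `toYaml` right after `type: {{ $type }}`, so a `type` or `selector` key inside it produces a duplicate mapping key in the rendered Service. Depending on how the consumer resolves the duplicate, a `type: LoadBalancer` supplied that way could take effect while `$type` is still `ClusterIP`, and the `loadBalancerSourceRanges` block guarded by `eq $type "LoadBalancer"` would be skipped, leaving the internal service without source restrictions. Consider dropping the reserved keys, e.g. `toYaml (omit . "type" "selector")`, or failing when they are present; `traefik.service-spec` in the later section has the same shape. `externalIPs` is passed through unchecked, so a short comment that it must only list addresses the cluster operator controls would help.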


@@ -0,0 +1,22 @@
{{- define "traefik.metrics-service-metadata" }}
labels:
{{- include "traefik.metricsservicelabels" . | nindent 4 -}}
{{- with .Values.metrics.prometheus.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{/* Labels used for metrics-relevant selector*/}}
{{/* This is an immutable field: this should not change between upgrade */}}
{{- define "traefik.metricslabelselector" -}}
{{- include "traefik.labelselector" . }}
app.kubernetes.io/component: metrics
{{- end }}
{{/* Shared labels used in metadata of metrics-service and servicemonitor */}}
{{- define "traefik.metricsservicelabels" -}}
{{ include "traefik.metricslabelselector" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}


@@ -0,0 +1,60 @@
{{- define "traefik.service-metadata" }}
labels:
{{- include "traefik.labels" . | nindent 4 -}}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- define "traefik.service-spec" -}}
{{- $type := default "LoadBalancer" .Values.service.type }}
type: {{ $type }}
{{- with .Values.service.spec }}
{{- toYaml . | nindent 2 }}
{{- end }}
selector:
{{- include "traefik.labelselector" . | nindent 4 }}
{{- if eq $type "LoadBalancer" }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- end -}}
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- with .Values.service.ipFamilyPolicy }}
ipFamilyPolicy: {{ . }}
{{- end }}
{{- with .Values.service.ipFamilies }}
ipFamilies:
{{- toYaml . | nindent 2 }}
{{- end -}}
{{- end }}
{{- define "traefik.service-ports" }}
{{- range $name, $config := . }}
{{- if $config.expose }}
- port: {{ default $config.port $config.exposedPort }}
name: {{ $name | quote }}
targetPort: {{ $name }}
protocol: {{ default "TCP" $config.protocol }}
{{- if $config.nodePort }}
nodePort: {{ $config.nodePort }}
{{- end }}
{{- end }}
{{- if $config.http3 }}
{{- if $config.http3.enabled }}
{{- $http3Port := default $config.exposedPort $config.http3.advertisedPort }}
- port: {{ $http3Port }}
name: "{{ $name }}-http3"
targetPort: {{ $config.port }}
protocol: UDP
{{- if $config.nodePort }}
nodePort: {{ $config.nodePort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
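Review bot: The HTTP/3 port block sits outside the `if $config.expose` guard, so an entrypoint with `expose` unset but `http3.enabled` true still gets a UDP port published on the Service. Moving the `{{- if $config.http3 }}` block inside the `expose` check would keep unexposed entrypoints off the load balancer. `$http3Port` is `default $config.exposedPort $config.http3.advertisedPort` with no fallback to `$config.port`, unlike the TCP entry above it, so it renders empty when neither is set; `default (default $config.port $config.exposedPort) $config.http3.advertisedPort` would match the TCP behaviour.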


@@ -0,0 +1,43 @@
{{- if and .Values.deployment.enabled (eq .Values.deployment.kind "DaemonSet") -}}
{{- with .Values.additionalArguments -}}
{{- range . -}}
{{- if contains ".acme." . -}}
{{- fail (printf "ACME functionality is not supported when running Traefik as a DaemonSet") -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if eq (default .Chart.AppVersion .Values.image.tag) "latest" }}
{{- fail "\n\n ERROR: latest tag should not be used" }}
{{- end }}
{{- if eq (.Values.updateStrategy.type) "RollingUpdate" }}
{{- if and (lt .Values.updateStrategy.rollingUpdate.maxUnavailable 1.0) (.Values.hostNetwork) }}
{{- fail "maxUnavailable should be greater than 1 when using hostNetwork." }}
{{- end }}
{{- end }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
{{- with .Values.deployment.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.deployment.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "traefik.labelselector" . | nindent 6 }}
updateStrategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
minReadySeconds: {{ .Values.deployment.minReadySeconds }}
{{- if .Values.deployment.revisionHistoryLimit }}
revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
{{- end }}
template: {{ template "traefik.podTemplate" . }}
{{- end -}}
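Review bot: The failure message on the hostNetwork guard does not match its condition: the check rejects `maxUnavailable` below 1, so a value of exactly 1 passes, while the text asks for a value greater than 1. Reword it to `{{- fail "maxUnavailable should be at least 1 when using hostNetwork." }}`. The `lt ... 1.0` comparison also assumes a number; a percentage string in `updateStrategy.rollingUpdate.maxUnavailable` will likely abort rendering with a type error rather than this message, which deserves a comment above the guard.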


@@ -0,0 +1,36 @@
{{- if .Values.ingressRoute.dashboard.enabled -}}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ template "traefik.fullname" . }}-dashboard
namespace: {{ template "traefik.namespace" . }}
annotations:
helm.sh/hook: "post-install,post-upgrade"
meta.helm.sh/release-name: {{ .Release.Name }}
meta.helm.sh/release-namespace: {{ template "traefik.namespace" . }}
{{- with .Values.ingressRoute.dashboard.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
{{- with .Values.ingressRoute.dashboard.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
entryPoints:
{{- range .Values.ingressRoute.dashboard.entryPoints }}
- {{ . }}
{{- end }}
routes:
- match: {{ .Values.ingressRoute.dashboard.matchRule }}
kind: Rule
services:
- name: api@internal
kind: TraefikService
{{- if .Values.ingressRoute.dashboard.middlewares }}
middlewares:
{{- with .Values.ingressRoute.dashboard.middlewares }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}
{{- end -}}
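Review bot: The route to `api@internal` carries no authentication unless `ingressRoute.dashboard.middlewares` is set, and the `middlewares:` block is optional, so enabling the dashboard on an entry point that is reachable from outside the cluster serves the Traefik API and dashboard to every client of that entry point. Add a template comment above `routes:` that says so, e.g. `{{/* api@internal is served without auth unless ingressRoute.dashboard.middlewares references an auth middleware; keep entryPoints internal otherwise */}}`. `match:` is also emitted unquoted; `match: {{ .Values.ingressRoute.dashboard.matchRule | quote }}` keeps a rule that contains `: ` or ` #` from being re-parsed as YAML.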


@@ -0,0 +1,48 @@
{{/* check helm version */}}
{{- if (semverCompare "<v3.9.0" (.Capabilities.HelmVersion.Version | default "v3.0.0")) -}}
{{- fail "ERROR: Helm >= 3.9.0 is required" -}}
{{- end -}}
{{- if and .Values.deployment.enabled (eq .Values.deployment.kind "Deployment") -}}
{{- if gt (int .Values.deployment.replicas) 1 -}}
{{- with .Values.additionalArguments -}}
{{- range . -}}
{{- if contains ".acme." . -}}
{{- fail (printf "You can not enable acme if you set more than one traefik replica") -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if eq (default .Chart.AppVersion .Values.image.tag) "latest" }}
{{- fail "\n\n ERROR: latest tag should not be used" }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
{{- with .Values.deployment.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.deployment.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ default 1 .Values.deployment.replicas }}
{{- end }}
{{- if .Values.deployment.revisionHistoryLimit }}
revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
{{- end }}
selector:
matchLabels:
{{- include "traefik.labelselector" . | nindent 6 }}
strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
minReadySeconds: {{ .Values.deployment.minReadySeconds }}
template: {{ template "traefik.podTemplate" . }}
{{- end -}}
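Review bot: `replicas: {{ default 1 .Values.deployment.replicas }}` cannot render zero, because `default` treats 0 as empty and substitutes 1, so a release cannot be scaled down to no pods through values. If zero is meant to be allowed, test for an unset value instead: `replicas: {{ ternary 1 .Values.deployment.replicas (kindIs "invalid" .Values.deployment.replicas) }}`. The ACME guard above it only inspects `additionalArguments` for the substring `.acme.`, so it presumably misses a resolver configured any other way; a comment stating that limit would help.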


@@ -0,0 +1,4 @@
{{- range .Values.extraObjects }}
---
{{ include "traefik.render" (dict "value" . "context" $) }}
{{- end }}
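Review bot: This template has no comment explaining that every entry of `.Values.extraObjects` is emitted as a manifest of its own, with whatever kind and namespace the entry names. `traefik.render` is defined outside this section and presumably passes the value through `tpl`, so a values file is effectively code here and is applied with the installer's permissions on the cluster. A header such as `{{/* extraObjects are rendered as-is; review values files from other parties as you would review manifests */}}` would make that visible.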


@@ -0,0 +1,27 @@
{{- if .Values.experimental.kubernetesGateway.enabled }}
{{- if .Values.experimental.kubernetesGateway.gateway.enabled }}
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
name: traefik-gateway
namespace: {{ default (include "traefik.namespace" .) .Values.experimental.kubernetesGateway.namespace }}
spec:
gatewayClassName: traefik
listeners:
- name: web
port: {{ .Values.ports.web.port }}
protocol: HTTP
{{- if .Values.experimental.kubernetesGateway.certificate }}
- name: websecure
port: {{ $.Values.ports.websecure.port }}
protocol: HTTPS
tls:
certificateRefs:
- name: {{ .Values.experimental.kubernetesGateway.certificate.name }}
group: {{ .Values.experimental.kubernetesGateway.certificate.group }}
kind: {{ .Values.experimental.kubernetesGateway.certificate.kind }}
{{- end }}
{{- end }}
{{- end }}
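Review bot: The `certificateRefs` fields are written unquoted, so an empty `certificate.group` (the core API group, which a Secret reference uses) renders as a bare `group:` and parses as null instead of the empty string. Quote the three values, e.g. `group: {{ .Values.experimental.kubernetesGateway.certificate.group | quote }}`. The websecure listener also reads `$.Values` where the rest of the file uses `.Values`; both resolve the same here, but one form should be used throughout.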


@@ -0,0 +1,9 @@
{{- if .Values.experimental.kubernetesGateway.enabled }}
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
name: traefik
spec:
controllerName: traefik.io/gateway-controller
{{- end }}


@@ -0,0 +1,39 @@
{{- if .Values.autoscaling.enabled }}
{{- if not .Values.autoscaling.maxReplicas }}
{{- fail "ERROR: maxReplicas is required on HPA" }}
{{- end }}
{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}
apiVersion: autoscaling/v2
{{- else if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }}
apiVersion: autoscaling/v2beta2
{{- else if .Capabilities.APIVersions.Has "autoscaling/v2beta1" }}
apiVersion: autoscaling/v2beta1
{{- else }}
{{- fail "ERROR: You must have at least autoscaling/v2beta1 to use HorizontalPodAutoscaler" }}
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "traefik.fullname" . }}
{{- if .Values.autoscaling.minReplicas }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
{{- end }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
{{- if .Values.autoscaling.metrics }}
metrics:
{{ toYaml .Values.autoscaling.metrics | indent 4 }}
{{- end }}
{{- if .Values.autoscaling.behavior }}
behavior:
{{ toYaml .Values.autoscaling.behavior | indent 4 }}
{{- end }}
{{- end }}
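Review bot: `scaleTargetRef` is hard-coded to `kind: Deployment` with no check that `deployment.kind` is actually `Deployment`; with the DaemonSet kind and autoscaling enabled, the HPA would point at an object this chart does not create. Add a guard next to the maxReplicas check: `{{- if ne .Values.deployment.kind "Deployment" }}`, `{{- fail "ERROR: autoscaling requires deployment.kind=Deployment" }}`, `{{- end }}`.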


@@ -0,0 +1,21 @@
{{- if .Values.ingressClass.enabled -}}
{{- if (semverCompare "<2.3.0" (.Chart.AppVersion)) -}}
{{- fail "ERROR: IngressClass cannot be used with Traefik < 2.3.0" -}}
{{- end -}}
{{- if semverCompare ">=1.19.0-0" .Capabilities.KubeVersion.Version -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.16.0-0" .Capabilities.KubeVersion.Version }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
{{- fail "ERROR: You must use at least Kubernetes v1.16 with this Chart" }}
{{- end }}
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
name: {{ template "traefik.fullname" . }}
spec:
controller: traefik.io/ingress-controller
{{- end -}}


@@ -0,0 +1,23 @@
{{- if .Values.podDisruptionBudget.enabled -}}
{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}
kind: PodDisruptionBudget
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "traefik.labelselector" . | nindent 6 }}
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
{{- end -}}


@@ -0,0 +1,28 @@
{{- if .Values.metrics.prometheus }}
{{- if .Values.metrics.prometheus.prometheusRule }}
{{- if (not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")) }}
{{- fail "ERROR: You have to deploy monitoring.coreos.com/v1 first" }}
{{- end }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "traefik.fullname" . }}
{{- if .Values.metrics.prometheus.prometheusRule.namespace }}
namespace: {{ .Values.metrics.prometheus.prometheusRule.namespace }}
{{- end }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
{{- with .Values.metrics.prometheus.prometheusRule.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.metrics.prometheus.prometheusRule.rules }}
groups:
- name: {{ template "traefik.name" $ }}
rules:
{{- with .Values.metrics.prometheus.prometheusRule.rules }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,23 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
annotations:
{{- with .Values.persistence.annotations }}
{{ toYaml . | nindent 4 }}
{{- end }}
helm.sh/resource-policy: keep
labels:
{{- include "traefik.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass | quote }}
{{- end }}
{{- end -}}


@@ -0,0 +1,105 @@
{{- if .Values.rbac.enabled -}}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.clusterRoleName" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
{{- range .Values.rbac.aggregateTo }}
rbac.authorization.k8s.io/aggregate-to-{{ . }}: "true"
{{- end }}
rules:
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingressclasses
{{- if not .Values.rbac.namespaced }}
- ingresses
{{- end }}
verbs:
- get
- list
- watch
{{- if not .Values.rbac.namespaced }}
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
{{- if .Values.providers.kubernetesIngress.enabled }}
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
{{- end -}}
{{- if .Values.providers.kubernetesCRD.enabled }}
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
{{- end -}}
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- policy
resourceNames:
- {{ template "traefik.fullname" . }}
resources:
- podsecuritypolicies
verbs:
- use
{{- end -}}
{{- if .Values.experimental.kubernetesGateway.enabled }}
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
- gateways
- httproutes
- tcproutes
- tlsroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
- gateways/status
- httproutes/status
- tcproutes/status
- tlsroutes/status
verbs:
- update
{{- end -}}
{{- end -}}
{{- end -}}
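Review bot: In the non-namespaced mode the core-group rule grants get, list and watch on `secrets` across the whole cluster to the Traefik service account, and nothing in the template says so. The rule is emitted whichever provider is enabled, so the account can read every Secret even when only one namespace holds TLS material. Add a comment above that rule, e.g. `{{/* cluster-wide read on secrets; set rbac.namespaced=true to confine it to the release namespace */}}`, so that operators pick the scope deliberately.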


@@ -0,0 +1,17 @@
{{- if .Values.rbac.enabled -}}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.clusterRoleName" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "traefik.clusterRoleName" . }}
subjects:
- kind: ServiceAccount
name: {{ include "traefik.serviceAccountName" . }}
namespace: {{ template "traefik.namespace" . }}
{{- end -}}


@@ -0,0 +1,65 @@
{{- if .Values.podSecurityPolicy.enabled }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
name: {{ template "traefik.fullname" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
{{- if not .Values.securityContext.runAsNonRoot }}
allowedCapabilities:
- NET_BIND_SERVICE
{{- end }}
hostNetwork: {{ .Values.hostNetwork }}
hostIPC: false
hostPID: false
fsGroup:
{{- if .Values.securityContext.runAsNonRoot }}
ranges:
- max: 65535
min: 1
rule: MustRunAs
{{- else }}
rule: RunAsAny
{{- end }}
{{- if .Values.hostNetwork }}
hostPorts:
- max: 65535
min: 1
{{- end }}
readOnlyRootFilesystem: true
runAsUser:
{{- if .Values.securityContext.runAsNonRoot }}
rule: MustRunAsNonRoot
{{- else }}
rule: RunAsAny
{{- end }}
seLinux:
rule: RunAsAny
supplementalGroups:
{{- if .Values.securityContext.runAsNonRoot }}
ranges:
- max: 65535
min: 1
rule: MustRunAs
{{- else }}
rule: RunAsAny
{{- end }}
volumes:
- configMap
- downwardAPI
- secret
- emptyDir
- projected
{{- if .Values.persistence.enabled }}
- persistentVolumeClaim
{{- end -}}
{{- end -}}
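Review bot: The template emits a `policy/v1beta1` PodSecurityPolicy with no capability check, unlike the PodDisruptionBudget template in this commit, which probes `.Capabilities.APIVersions` first. PodSecurityPolicy was removed in Kubernetes 1.25, so `podSecurityPolicy.enabled=true` fails the install there with an API error rather than a clear message. Add a guard at the top: `{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, `{{- fail "ERROR: PodSecurityPolicy is not served by this cluster; use Pod Security Admission instead" }}`, `{{- end }}`. Separately, with `hostNetwork` on, `hostPorts` admits the full 1-65535 range rather than the ports the chart configures, which deserves at least a comment.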


@@ -0,0 +1,66 @@
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
{{- if .Values.providers.kubernetesIngress.enabled }}
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
{{- end -}}
{{- if .Values.providers.kubernetesCRD.enabled }}
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
{{- end -}}
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resourceNames:
- {{ template "traefik.fullname" . }}
resources:
- podsecuritypolicies
verbs:
- use
{{- end -}}
{{- end -}}
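Review bot: The PodSecurityPolicy rule at the end of the Role uses `apiGroups: extensions`, while the policy this chart creates is `policy/v1beta1` and the matching rule in the ClusterRole uses `policy`. In namespaced mode the ClusterRole rule is skipped, so this is the only `use` grant, and on clusters that no longer serve PodSecurityPolicy under `extensions` it may not authorize the policy at all. Change the group to `- policy` so both templates agree.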


@@ -0,0 +1,17 @@
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "traefik.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "traefik.serviceAccountName" . }}
namespace: {{ template "traefik.namespace" . }}
{{- end -}}


@@ -0,0 +1,13 @@
{{- if not .Values.serviceAccount.name -}}
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{ include "traefik.serviceAccountName" . }}
namespace: {{ template "traefik.namespace" . }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
annotations:
{{- with .Values.serviceAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}


@@ -0,0 +1,25 @@
{{- if .Values.hub.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: traefik-hub
namespace: {{ template "traefik.namespace" . }}
{{- template "traefik.service-metadata" . }}
spec:
type: ClusterIP
selector:
{{- include "traefik.labelselector" . | nindent 4 }}
ports:
- port: {{ .Values.ports.metrics.port }}
name: "metrics"
targetPort: metrics
protocol: TCP
{{- if .Values.ports.metrics.nodePort }}
nodePort: {{ .Values.ports.metrics.nodePort }}
{{- end }}
- port: {{ default 9901 .Values.hub.tunnelPort }}
name: "traefikhub-tunl"
targetPort: traefikhub-tunl
protocol: TCP
{{- end -}}
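Review bot: `nodePort` is emitted under a Service whose type is fixed to `ClusterIP`; as far as I know the API server rejects a nodePort on that type, so setting `ports.metrics.nodePort` breaks the install instead of changing exposure. Either drop the `nodePort` block or add a comment that the value must stay unset for this Service. The metrics Service template later in this commit carries the same block.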


@@ -0,0 +1,58 @@
{{- if .Values.service.internal -}}
{{- $fullname := include "traefik.fullname" . }}
{{- if ge (len $fullname) 50 }}
{{- fail "ERROR: Cannot create an internal service when name contains more than 50 characters" }}
{{- end }}
{{- $tcpPorts := dict -}}
{{- $udpPorts := dict -}}
{{- $exposedPorts := false -}}
{{- range $name, $config := .Values.ports -}}
{{- if eq (toString $config.protocol) "UDP" -}}
{{ $_ := set $udpPorts $name $config -}}
{{- end -}}
{{- if eq (toString (default "TCP" $config.protocol)) "TCP" -}}
{{ $_ := set $tcpPorts $name $config -}}
{{- end -}}
{{- end -}}
{{- if (or $tcpPorts .Values.service.single) }}
apiVersion: v1
kind: Service
metadata:
name: {{ $fullname}}-internal
namespace: {{ template "traefik.namespace" . }}
{{- template "traefik.service-internal-metadata" . }}
annotations:
{{- with .Values.service.internal.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- template "traefik.service-internal-spec" . }}
ports:
{{- template "traefik.service-internal-ports" $tcpPorts }}
{{- if .Values.service.single }}
{{- template "traefik.service-internal-ports" $udpPorts }}
{{- end }}
{{- end }}
{{- if (and $udpPorts (not .Values.service.single)) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $fullname }}-internal-udp
namespace: {{ template "traefik.namespace" . }}
{{- template "traefik.service-internal-metadata" . }}
annotations:
{{- with .Values.service.internal.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- template "traefik.service-internal-spec" . }}
ports:
{{- template "traefik.service-internal-ports" $udpPorts }}
{{- end }}
{{- end -}}


@@ -0,0 +1,30 @@
{{- $fullname := include "traefik.fullname" . }}
{{- if ge (len $fullname) 50 }}
{{- fail "ERROR: Cannot create a metrics service when name contains more than 50 characters" }}
{{- end }}
{{- if (and (.Values.metrics.prometheus.service).enabled (not .Values.hub.enabled)) -}}
apiVersion: v1
kind: Service
metadata:
name: {{ $fullname }}-metrics
namespace: {{ template "traefik.namespace" . }}
{{- template "traefik.metrics-service-metadata" . }}
annotations:
{{- with .Values.metrics.prometheus.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
selector:
{{- include "traefik.labelselector" . | nindent 4 }}
ports:
- port: {{ .Values.ports.metrics.port }}
name: "metrics"
targetPort: metrics
protocol: TCP
{{- if .Values.ports.metrics.nodePort }}
nodePort: {{ .Values.ports.metrics.nodePort }}
{{- end }}
{{- end -}}
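Review bot: The name-length `fail` sits above the `if` that decides whether the metrics Service is rendered, so a release whose full name has 50 characters or more cannot be installed even with the metrics Service disabled. Move the `{{- if ge (len $fullname) 50 }}` block inside the enabled condition, the way the internal Service template in this commit nests its own length check.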


@@ -0,0 +1,67 @@
{{- if .Values.service.enabled -}}
{{- $tcpPorts := dict -}}
{{- $udpPorts := dict -}}
{{- $exposedPorts := false -}}
{{- range $name, $config := .Values.ports -}}
{{- if $config.http3 -}}
{{- if $config.http3.enabled -}}
{{- if (not $config.tls.enabled) -}}
{{- fail "ERROR: You cannot enable http3 without enabling tls" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if eq (toString $config.protocol) "UDP" -}}
{{ $_ := set $udpPorts $name $config -}}
{{- end -}}
{{- if eq (toString (default "TCP" $config.protocol)) "TCP" -}}
{{ $_ := set $tcpPorts $name $config -}}
{{- end -}}
{{- if (eq $config.expose true) -}}
{{- $exposedPorts = true -}}
{{- end -}}
{{- end -}}
{{- if and (eq $exposedPorts false) (not .Values.hub.enabled) -}}
{{- fail "You need to expose at least one port or set enabled=false to service" -}}
{{- end -}}
{{- if and $exposedPorts (or $tcpPorts .Values.service.single) }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "traefik.fullname" . }}
namespace: {{ template "traefik.namespace" . }}
{{- template "traefik.service-metadata" . }}
annotations:
{{- with (merge .Values.service.annotationsTCP .Values.service.annotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- template "traefik.service-spec" . }}
ports:
{{- template "traefik.service-ports" $tcpPorts }}
{{- if .Values.service.single }}
{{- template "traefik.service-ports" $udpPorts }}
{{- end }}
{{- end }}
{{- if and $exposedPorts (and $udpPorts (not .Values.service.single)) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "traefik.fullname" . }}-udp
namespace: {{ template "traefik.namespace" . }}
{{- template "traefik.service-metadata" . }}
annotations:
{{- with (merge .Values.service.annotationsUDP .Values.service.annotations) }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- template "traefik.service-spec" . }}
ports:
{{- template "traefik.service-ports" $udpPorts }}
{{- end }}
{{- end -}}
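Review bot: The http3 guard dereferences `$config.tls.enabled` directly, so a port with `http3.enabled` and no `tls` key at all likely aborts with a nil-pointer template error instead of the intended "cannot enable http3 without enabling tls" message. Use the parenthesised form this chart already uses for `(.Values.metrics.prometheus.service).enabled`: `{{- if (not ($config.tls).enabled) -}}`. That keeps the TLS requirement enforced with a readable error in every case.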


@@ -0,0 +1,69 @@
{{- if .Values.metrics.prometheus }}
{{- if .Values.metrics.prometheus.serviceMonitor }}
{{- if (not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")) }}
{{- fail "ERROR: You have to deploy monitoring.coreos.com/v1 first" }}
{{- end }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "traefik.fullname" . }}
{{- with .Values.metrics.prometheus.serviceMonitor.namespace }}
namespace: {{ . }}
{{- end }}
labels:
{{- if (and (.Values.metrics.prometheus.service).enabled (not .Values.hub.enabled)) }}
{{- include "traefik.metricsservicelabels" . | nindent 4 }}
{{- else }}
{{- include "traefik.labels" . | nindent 4 }}
{{- end }}
{{- with .Values.metrics.prometheus.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.metrics.prometheus.serviceMonitor.jobLabel | default .Release.Name }}
endpoints:
- port: metrics
path: /{{ .Values.metrics.prometheus.entryPoint }}
{{- with .Values.metrics.prometheus.serviceMonitor.honorLabels }}
honorLabels: {{ . }}
{{- end }}
{{- with .Values.metrics.prometheus.serviceMonitor.honorTimestamps }}
honorTimestamps: {{ . }}
{{- end }}
{{- with .Values.metrics.prometheus.serviceMonitor.enableHttp2 }}
enableHttp2: {{ . }}
{{- end }}
{{- with .Values.metrics.prometheus.serviceMonitor.followRedirects }}
followRedirects: {{ . }}
{{- end }}
{{- with .Values.metrics.prometheus.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.metrics.prometheus.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
{{- if .Values.metrics.prometheus.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.metrics.prometheus.serviceMonitor.metricRelabelings | indent 6) . }}
{{- end }}
{{- if .Values.metrics.prometheus.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.metrics.prometheus.serviceMonitor.relabelings | indent 6 }}
{{- end }}
{{- if .Values.metrics.prometheus.serviceMonitor.namespaceSelector }}
namespaceSelector:
{{ toYaml .Values.metrics.prometheus.serviceMonitor.namespaceSelector | indent 4 -}}
{{ else }}
namespaceSelector:
matchNames:
- {{ template "traefik.namespace" . }}
{{- end }}
selector:
matchLabels:
{{- if (and (.Values.metrics.prometheus.service).enabled (not .Values.hub.enabled)) }}
{{- include "traefik.metricslabelselector" . | nindent 6 }}
{{- else }}
{{- include "traefik.labelselector" . | nindent 6 }}
{{- end }}
{{- end }}
{{- end }}
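Review bot: The boolean endpoint options are wrapped in `with`, which skips false values, so `honorTimestamps: false`, `enableHttp2: false` and `followRedirects: false` set in values never reach the manifest and the operator's defaults (true for these, as far as I know) stay in force. Emit each field whenever the value is set, e.g. `{{- if not (kindIs "invalid" .Values.metrics.prometheus.serviceMonitor.followRedirects) }}` followed by `followRedirects: {{ .Values.metrics.prometheus.serviceMonitor.followRedirects }}`. `metricRelabelings` also goes through `tpl` while `relabelings` does not; if that difference is intended it deserves a comment.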


@@ -0,0 +1,12 @@
{{- range $name, $config := .Values.tlsOptions }}
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: {{ $name }}
namespace: {{ template "traefik.namespace" $ }}
labels:
{{- include "traefik.labels" $ | nindent 4 }}
spec:
{{- toYaml $config | nindent 2 }}
---
{{- end -}}


@@ -0,0 +1,12 @@
{{- range $name, $config := .Values.tlsStore }}
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
name: {{ $name }}
namespace: {{ template "traefik.namespace" $ }}
labels:
{{- include "traefik.labels" $ | nindent 4 }}
spec:
{{- toYaml $config | nindent 2 }}
---
{{- end -}}