diff --git a/charts/capsule-proxy/README.md b/charts/capsule-proxy/README.md
index 215f7b9..049e2d4 100644
--- a/charts/capsule-proxy/README.md
+++ b/charts/capsule-proxy/README.md
@@ -100,6 +100,7 @@ If you only need to make minor customizations, you can specify them on the comma
 | crds.keep | bool | `true` | Keep the CustomResourceDefinitions (when the chart is deleted) |
 | daemonset.hostNetwork | bool | `false` | Use the host network namespace for capsule-proxy pod. |
 | daemonset.hostPort | bool | `false` | Binding the capsule-proxy listening port to the host port. |
+| env | list | `[]` | Additional environment variables |
 | hostNetwork | bool | `false` | When deployed as DaemonSet use |
 | image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. |
 | image.registry | string | `"ghcr.io"` | Set the image registry for capsule-proxy |
@@ -121,11 +122,13 @@ If you only need to make minor customizations, you can specify them on the comma
 | jobs.topologySpreadConstraints | list | `[]` | Set Topology Spread Constraints |
 | jobs.ttlSecondsAfterFinished | int | `60` | Sets the ttl in seconds after a finished certgen job is deleted. Set to -1 to never delete. |
 | kind | string | `"Deployment"` | Set the deployment mode of the capsule-proxy as `Deployment` or `DaemonSet`. |
+| livenessProbe | object | `{"enabled":true,"httpGet":{"path":"/healthz/","port":"probe","scheme":"HTTP"},"initialDelaySeconds":20}` | Proxy Liveness-Probe |
 | nodeSelector | object | `{}` | Set the node selector for the capsule-proxy pod. |
 | podAnnotations | object | `{}` | Annotations to add to the capsule-proxy pod. |
 | podLabels | object | `{}` | Labels to add to the capsule-proxy pod. |
 | podSecurityContext | object | `{"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the capsule-proxy pod. |
 | priorityClassName | string | `""` | Specifies PriorityClass of the capsule-proxy pod. |
+| readinessProbe | object | `{"enabled":true,"httpGet":{"path":"/readyz/","port":"probe","scheme":"HTTP"},"initialDelaySeconds":5}` | Proxy Readyness-Probe |
 | replicaCount | int | `1` | Set the replica count for capsule-proxy pod. |
 | resources.limits.cpu | string | `"200m"` | Set the CPU requests assigned to the controller. |
 | resources.limits.memory | string | `"128Mi"` | Set the memory requests assigned to the controller. |
@@ -138,6 +141,8 @@ If you only need to make minor customizations, you can specify them on the comma | serviceAccount.name | string | `capsule-proxy`` | The name of the service account to use. If not set and `serviceAccount.create=true`, a name is generated using the fullname template | | tolerations | list | `[]` | Set list of tolerations for the capsule-proxy pod. | | topologySpreadConstraints | list | `[]` | Topology Spread Constraints for the capsule-proxy pod. | +| volumeMounts | list | `[]` | Additional volume mounts | +| volumes | list | `[]` | Additional volumes | ### Controller Options Parameters diff --git a/charts/capsule-proxy/templates/_pod.tpl b/charts/capsule-proxy/templates/_pod.tpl index 7de583c..3ea6f57 100644 --- a/charts/capsule-proxy/templates/_pod.tpl +++ b/charts/capsule-proxy/templates/_pod.tpl @@ -24,8 +24,11 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 4 }} priorityClassName: {{ .Values.priorityClassName }} - {{- if .Values.options.enableSSL }} volumes: + {{- with .Values.volumes }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- if .Values.options.enableSSL }} - name: certs secret: secretName: {{ .Values.options.certificateVolumeName | default (include "capsule-proxy.fullname" .) }} @@ -61,6 +64,10 @@ spec: {{- with .Values.options.extraArgs }} {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.env }} + env: + {{- toYaml . | nindent 4 }} + {{- end }} ports: - name: proxy protocol: TCP 
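Review bot: `volumes:` in the `@@ -24,8 +24,11 @@` hunk of `_pod.tpl` is now emitted unconditionally, so when `.Values.volumes` is empty and `.Values.options.enableSSL` is false the key renders with no value (null) instead of being left out as before. Guard the key on either source being set, with `{{- if or .Values.volumes .Values.options.enableSSL }}` before `volumes:` and a matching `{{- end }}` after the `certs` entry. The `volumeMounts:` key in the `@@ -76,20 +83,21 @@` hunk has the same shape and needs the same guard. The pod spec continues outside both hunks, so the placement of the closing `{{- end }}` should be checked against the full template.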
@@ -76,20 +83,21 @@ spec: - name: probe containerPort: 8081 protocol: TCP - readinessProbe: - httpGet: - path: /readyz/ - port: probe - scheme: HTTP + {{- if .Values.livenessProbe.enabled }} livenessProbe: - httpGet: - path: /healthz/ - port: probe - scheme: HTTP + {{- toYaml (omit .Values.livenessProbe "enabled") | nindent 6 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + {{- toYaml (omit .Values.readinessProbe "enabled") | nindent 6 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.options.enableSSL }} volumeMounts: + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.options.enableSSL }} - mountPath: {{ .Values.options.SSLDirectory }} name: certs {{- end }} diff --git a/charts/capsule-proxy/values.yaml b/charts/capsule-proxy/values.yaml index 1c4852a..134bb5f 100644 --- a/charts/capsule-proxy/values.yaml +++ b/charts/capsule-proxy/values.yaml @@ -73,6 +73,24 @@ topologySpreadConstraints: [] # matchLabels: # app.kubernetes.io/name: capsule-proxy +# -- Proxy Readyness-Probe +readinessProbe: + enabled: true + initialDelaySeconds: 5 + httpGet: + path: /readyz/ + port: probe + scheme: HTTP + +# -- Proxy Liveness-Probe +livenessProbe: + enabled: true + initialDelaySeconds: 20 + httpGet: + path: /healthz/ + port: probe + scheme: HTTP + # Set a pod priorityClassName # priorityClassName: system-node-critical # -- Specifies PriorityClass of the capsule-proxy pod. @@ -106,6 +124,16 @@ resources: # -- Set the memory limits assigned to the controller. memory: 128Mi +# -- Additional environment variables +env: [] + +# -- Additional volumes +volumes: [] + +# -- Additional volume mounts +volumeMounts: [] + + # Controller Options options: # -- Set the listening port of the capsule-proxy 
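Review bot: Rendering the whole probe map with `toYaml (omit .Values.livenessProbe "enabled")` means the chart's default `httpGet` block is still present after Helm merges user values. A user who sets `livenessProbe.exec` or `livenessProbe.tcpSocket` would therefore, as far as I can tell, end up with two handlers and a pod spec the API server rejects, unless they also set `httpGet: null`; the same holds for `readinessProbe`. I would document this next to the defaults in values.yaml, for example `# To use another handler, set httpGet to null and add exec/tcpSocket/grpc`. The container spec starts and ends outside this hunk.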
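Review bot: `# -- Proxy Readyness-Probe` in the `@@ -73,6 +73,24 @@` hunk of values.yaml misspells "Readiness", and the same text appears in the README table changed by this commit (presumably generated from these `# --` comments). The two descriptions also do not say that `enabled: false` removes the probe entirely, or that every other key is passed straight into the container spec. Suggested wording: `# -- Readiness probe for the proxy container; set enabled to false to omit it, all other keys are rendered as-is`, and the equivalent for liveness. The `initialDelaySeconds` values (5 and 20) were not in the removed template block, so this is a behaviour change that deserves a line in the commit message.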
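Review bot: The comments on `env`, `volumes` and `volumeMounts` in the `@@ -106,6 +124,16 @@` hunk give no guidance on what is safe to put there, although the template renders all three verbatim into the pod spec. For `env`, a literal `value:` ends up in the rendered manifest and in the stored release, so the comment should steer credentials to a Secret reference, e.g. `# -- Additional environment variables (use valueFrom.secretKeyRef for secrets, not inline values)`. For `volumes`, note that the name `certs` is used by the chart when `options.enableSSL` is set, so a user entry with that name would collide. A short remark that `hostPath` and similar volume types widen the pod's access to the node would also help reviewers of downstream values files.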
@@ -144,6 +172,8 @@ options: clientConnectionBurst: 30 # -- A list of extra arguments to add to the capsule-proxy. extraArgs: [] + # -"--feature-gates=ProxyClusterScoped=true" + # -"--feature-gates=ProxyAllNamespaced=true" jobs: certs:
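Review bot: The two commented examples under `extraArgs` read `# -"--feature-gates=..."` with no space between the dash and the opening quote, so a user who uncomments them as written gets a plain string rather than a list item. They should read `# - "--feature-gates=ProxyClusterScoped=true"` and `# - "--feature-gates=ProxyAllNamespaced=true"`. Judging by their names, these gates widen what the proxy serves to tenants, so a one-line comment saying what each enables would help operators decide before copying the example.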