Showing 10 changed files with 249 additions and 102 deletions.
4 changes: 2 additions & 2 deletions stable/aws-load-balancer-controller/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v2
name: aws-load-balancer-controller
description: AWS Load Balancer Controller Helm chart for Kubernetes
version: 1.3.3
appVersion: v2.3.1
version: 1.4.0
appVersion: v2.4.0
home: https://github.com/aws/eks-charts
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
sources:
156 changes: 88 additions & 68 deletions stable/aws-load-balancer-controller/README.md

Large diffs are not rendered by default.

34 changes: 28 additions & 6 deletions stable/aws-load-balancer-controller/templates/_helpers.tpl
@@ -72,12 +72,27 @@ Create the name of the service account to use
{{- end -}}
{{- end -}}

{{/*
Create the name of the webhook service
*/}}
{{- define "aws-load-balancer-controller.webhookService" -}}
{{- printf "%s-webhook-service" (include "aws-load-balancer-controller.namePrefix" .) -}}
{{- end -}}

{{/*
Create the name of the webhook cert secret
*/}}
{{- define "aws-load-balancer-controller.webhookCertSecret" -}}
{{- printf "%s-tls" (include "aws-load-balancer-controller.namePrefix" .) -}}
{{- end -}}

{{/*
Generate certificates for webhook
*/}}
{{- define "aws-load-balancer-controller.webhook-certs" -}}
{{- $namePrefix := ( include "aws-load-balancer-controller.namePrefix" . ) -}}
{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-tls" $namePrefix) -}}
{{- define "aws-load-balancer-controller.webhookCerts" -}}
{{- $serviceName := (include "aws-load-balancer-controller.webhookService" .) -}}
{{- $secretName := (include "aws-load-balancer-controller.webhookCertSecret" .) -}}
{{- $secret := lookup "v1" "Secret" .Release.Namespace $secretName -}}
{{- if (and .Values.webhookTLS.caCert .Values.webhookTLS.cert .Values.webhookTLS.key) -}}
caCert: {{ .Values.webhookTLS.caCert | b64enc }}
clientCert: {{ .Values.webhookTLS.cert | b64enc }}
@@ -87,9 +102,9 @@ caCert: {{ index $secret.data "ca.crt" }}
clientCert: {{ index $secret.data "tls.crt" }}
clientKey: {{ index $secret.data "tls.key" }}
{{- else -}}
{{- $altNames := list ( printf "%s-%s.%s" $namePrefix "webhook-service" .Release.Namespace ) ( printf "%s-%s.%s.svc" $namePrefix "webhook-service" .Release.Namespace ) -}}
{{- $altNames := list (printf "%s.%s" $serviceName .Release.Namespace) (printf "%s.%s.svc" $serviceName .Release.Namespace) (printf "%s.%s.svc.cluster.local" $serviceName .Release.Namespace) -}}
{{- $ca := genCA "aws-load-balancer-controller-ca" 3650 -}}
{{- $cert := genSignedCert ( include "aws-load-balancer-controller.fullname" . ) nil $altNames 3650 $ca -}}
{{- $cert := genSignedCert (include "aws-load-balancer-controller.fullname" .) nil $altNames 3650 $ca -}}
caCert: {{ $ca.Cert | b64enc }}
clientCert: {{ $cert.Cert | b64enc }}
clientKey: {{ $cert.Key | b64enc }}
@@ -99,6 +114,13 @@ clientKey: {{ $cert.Key | b64enc }}
{{/*
Convert map to comma separated key=value string
*/}}
{{- define "aws-load-balancer-controller.convert-map-to-csv" -}}
{{- define "aws-load-balancer-controller.convertMapToCsv" -}}
{{- range $key, $value := . -}} {{ $key }}={{ $value }}, {{- end -}}
{{- end -}}

{{/*
Create the name of the ingressClassParams
*/}}
{{- define "aws-load-balancer-controller.ingressClassParamsName" -}}
{{ default .Values.ingressClass .Values.ingressClassParams.name }}
{{- end -}}
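Review bot: The generated-certificate branch of `aws-load-balancer-controller.webhookCerts` still issues a CA and serving certificate valid for 3650 days, and this commit also flips `keepTLSSecret` to `true` in values.yaml, so the chart will presumably keep reusing the same key pair across upgrades (the branch that reads `$secret.data` sits between hunks and its condition is not shown). The webhooks in webhook.yaml are registered with `failurePolicy: Fail`, so a long-lived, never-rotated certificate is both a key-hygiene and an availability concern that should be stated where the certificate is made. I would extend the template comment to something like `Generate certificates for webhook: use webhookTLS values if set, else reuse the existing secret, else create a self-signed CA and cert valid for 3650 days (not rotated by the chart; use enableCertManager for managed rotation)`.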
4 changes: 2 additions & 2 deletions stable/aws-load-balancer-controller/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
- name: cert
secret:
defaultMode: 420
secretName: {{ template "aws-load-balancer-controller.namePrefix" . }}-tls
secretName: {{ template "aws-load-balancer-controller.webhookCertSecret" . }}
{{- with .Values.extraVolumes }}
{{ toYaml . | nindent 6 }}
{{- end }}
@@ -120,7 +120,7 @@ spec:
- --external-managed-tags={{ join "," .Values.externalManagedTags }}
{{- end }}
{{- if .Values.defaultTags }}
- --default-tags={{ include "aws-load-balancer-controller.convert-map-to-csv" .Values.defaultTags | trimSuffix "," }}
- --default-tags={{ include "aws-load-balancer-controller.convertMapToCsv" .Values.defaultTags | trimSuffix "," }}
{{- end }}
{{- if kindIs "bool" .Values.enableEndpointSlices }}
- --enable-endpoint-slices={{ .Values.enableEndpointSlices }}
Original file line number Diff line number Diff line change
@@ -7,4 +7,10 @@ metadata:
{{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
spec:
controller: ingress.k8s.aws/alb
{{- if or .Values.ingressClassParams.create .Values.ingressClassParams.name }}
parameters:
apiGroup: elbv2.k8s.aws
kind: IngressClassParams
name: {{ include "aws-load-balancer-controller.ingressClassParamsName" . }}
{{- end }}
{{- end }}
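Review bot: `.Values.ingressClassParams.create` on the new `if or` line dereferences a values key that did not exist before this chart version, so a render whose values lack `ingressClassParams` (for example an upgrade that reuses the previous release's values) would likely fail with a nil-pointer template error instead of skipping the block. The same pattern appears in the `ingressClassParamsName` helper, in `.Values.objectSelector.matchExpressions` in webhook.yaml, and in `.Values.serviceMonitor.enabled` in service.yaml and servicemonitor.yaml. A guard such as `{{- $icp := default dict .Values.ingressClassParams }}` followed by `{{- if or $icp.create $icp.name }}` keeps the template rendering when the key is absent. The outer conditional closed by the last `{{- end }}` starts outside this hunk.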
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{{- if .Values.ingressClassParams.create }}
apiVersion: elbv2.k8s.aws/v1beta1
kind: IngressClassParams
metadata:
name: {{ include "aws-load-balancer-controller.ingressClassParamsName" . }}
labels:
{{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
{{- if .Values.ingressClassParams.spec }}
spec:
{{ toYaml .Values.ingressClassParams.spec | nindent 2}}
{{- end }}
{{- end }}
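Review bot: The `toYaml` line under `spec:` is written without the left-trim marker and without a space before the closing braces, unlike the other `toYaml … | nindent` calls in this commit, which leaves an extra blank line in the rendered manifest; `{{- toYaml .Values.ingressClassParams.spec | nindent 2 }}` matches the rest of the chart. Separately, values.yaml ships `create: true` with `spec: {}`, so the object created by default sets none of the fields listed there (`namespaceSelector`, `group`, `scheme`, `ipAddressType`, `tags`). A short comment saying that an empty spec restricts nothing would help operators who expect the resource to constrain which namespaces or schemes Ingresses may use.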
28 changes: 26 additions & 2 deletions stable/aws-load-balancer-controller/templates/service.yaml
@@ -1,17 +1,41 @@
{{- if.Values.serviceMonitor.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "aws-load-balancer-controller.namePrefix" . }}-webhook-service
name: {{ template "aws-load-balancer-controller.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- with .Values.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{ include "aws-load-balancer-controller.labels" . | indent 4 }}
{{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
spec:
ports:
- port: 8080
name: metrics-server
targetPort: metrics-server
selector:
{{- include "aws-load-balancer-controller.selectorLabels" . | nindent 4 }}
---
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "aws-load-balancer-controller.webhookService" . }}
namespace: {{ .Release.Namespace }}
{{- with .Values.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
app.kubernetes.io/component: webhook
prometheus.io/service-monitor: "false"
spec:
ports:
- port: 443
name: webhook-server
targetPort: webhook-server
selector:
{{- include "aws-load-balancer-controller.selectorLabels" . | nindent 4 }}
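Review bot: `.Values.serviceAnnotations` is now rendered onto both the new metrics Service and the webhook Service, so an annotation an operator set for one of them (a scrape hint, a load-balancer or mesh annotation) is silently applied to the other as well. If that is intended, say so next to `serviceAnnotations` in values.yaml; otherwise a separate value for the metrics Service would keep the two independent. A style point on the first line: `{{- if.Values.serviceMonitor.enabled }}` reads as a typo, and `{{- if .Values.serviceMonitor.enabled }}` matches the rest of the chart (the same spelling opens servicemonitor.yaml).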
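--- a/stable/aws-load-balancer-controller/templates/servicemonitor.yaml
+++ b/stable/aws-load-balancer-controller/templates/servicemonitor.yaml
@@ -0,0 +1,30 @@
+{{- if.Values.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+name: {{ include "aws-load-balancer-controller.fullname" . }}
+labels:
+{{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
+{{- with .Values.serviceMonitor.additionalLabels }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+jobLabel: {{ .Release.Name }}
+namespaceSelector:
+matchNames:
+- {{ .Release.Namespace }}
+selector:
+matchLabels:
+{{- include "aws-load-balancer-controller.selectorLabels" . | nindent 6 }}
+matchExpressions:
+- key: prometheus.io/service-monitor
+operator: NotIn
+values:
+- "false"
+endpoints:
+- port: metrics-server
+path: /metrics
+{{- with .Values.serviceMonitor.interval }}
+interval: {{ . }}
+{{- end }}
+{{- end -}}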
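Review bot: `jobLabel: {{ .Release.Name }}` passes the release name where the ServiceMonitor API expects the key of a label on the target Service, so unless the Service happens to carry a label whose key equals the release name, the `job` value falls back to the Service name. If the labels helper emits the usual `app.kubernetes.io/instance` label (its body is not on this page), `jobLabel: app.kubernetes.io/instance` would give the intended result. `interval: {{ . }}` would also be safer as `interval: {{ . | quote }}` so the duration always stays a string.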
37 changes: 18 additions & 19 deletions stable/aws-load-balancer-controller/templates/webhook.yaml
@@ -1,10 +1,6 @@
{{ $tls := fromYaml ( include "aws-load-balancer-controller.webhook-certs" . ) }}
{{ $tls := fromYaml ( include "aws-load-balancer-controller.webhookCerts" . ) }}
---
{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
apiVersion: admissionregistration.k8s.io/v1
{{- else }}
apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: MutatingWebhookConfiguration
metadata:
{{- if $.Values.enableCertManager }}
@@ -18,7 +14,7 @@ webhooks:
- clientConfig:
caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
service:
name: {{ template "aws-load-balancer-controller.namePrefix" . }}-webhook-service
name: {{ template "aws-load-balancer-controller.webhookService" . }}
namespace: {{ $.Release.Namespace }}
path: /mutate-v1-pod
failurePolicy: Fail
@@ -37,6 +33,13 @@ webhooks:
operator: NotIn
values:
- {{ include "aws-load-balancer-controller.name" . }}
{{- if .Values.objectSelector.matchExpressions }}
{{- toYaml .Values.objectSelector.matchExpressions | nindent 4 }}
{{- end }}
{{- if .Values.objectSelector.matchLabels }}
matchLabels:
{{- toYaml .Values.objectSelector.matchLabels | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- ""
@@ -50,7 +53,7 @@ webhooks:
- clientConfig:
caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
service:
name: {{ template "aws-load-balancer-controller.namePrefix" . }}-webhook-service
name: {{ template "aws-load-balancer-controller.webhookService" . }}
namespace: {{ $.Release.Namespace }}
path: /mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding
failurePolicy: Fail
@@ -69,11 +72,7 @@ webhooks:
- targetgroupbindings
sideEffects: None
---
{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
apiVersion: admissionregistration.k8s.io/v1
{{- else }}
apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: ValidatingWebhookConfiguration
metadata:
{{- if $.Values.enableCertManager }}
@@ -87,7 +86,7 @@ webhooks:
- clientConfig:
caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
service:
name: {{ template "aws-load-balancer-controller.namePrefix" . }}-webhook-service
name: {{ template "aws-load-balancer-controller.webhookService" . }}
namespace: {{ $.Release.Namespace }}
path: /validate-elbv2-k8s-aws-v1beta1-targetgroupbinding
failurePolicy: Fail
@@ -108,9 +107,9 @@ webhooks:
- clientConfig:
caBundle: {{ if not $.Values.enableCertManager -}}{{ $tls.caCert }}{{- else -}}Cg=={{ end }}
service:
name: {{ template "aws-load-balancer-controller.namePrefix" . }}-webhook-service
name: {{ template "aws-load-balancer-controller.webhookService" . }}
namespace: {{ $.Release.Namespace }}
path: /validate-networking-v1beta1-ingress
path: /validate-networking-v1-ingress
failurePolicy: Fail
matchPolicy: Equivalent
name: vingress.elbv2.k8s.aws
@@ -120,7 +119,7 @@ webhooks:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1beta1
- v1
operations:
- CREATE
- UPDATE
@@ -132,7 +131,7 @@ webhooks:
apiVersion: v1
kind: Secret
metadata:
name: {{ template "aws-load-balancer-controller.namePrefix" . }}-tls
name: {{ template "aws-load-balancer-controller.webhookCertSecret" . }}
namespace: {{ .Release.Namespace }}
labels:
{{ include "aws-load-balancer-controller.labels" . | indent 4 }}
@@ -155,12 +154,12 @@ metadata:
{{ include "aws-load-balancer-controller.labels" . | indent 4 }}
spec:
dnsNames:
- {{ template "aws-load-balancer-controller.namePrefix" . }}-webhook-service.{{ .Release.Namespace }}.svc
- {{ template "aws-load-balancer-controller.namePrefix" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
- {{ template "aws-load-balancer-controller.webhookService" . }}.{{ .Release.Namespace }}.svc
- {{ template "aws-load-balancer-controller.webhookService" . }}.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: {{ template "aws-load-balancer-controller.namePrefix" . }}-selfsigned-issuer
secretName: {{ template "aws-load-balancer-controller.namePrefix" . }}-tls
secretName: {{ template "aws-load-balancer-controller.webhookCertSecret" . }}
---
{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
apiVersion: cert-manager.io/v1
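Review bot: The Ingress validating webhook now points at `/validate-networking-v1-ingress` and matches only `apiVersions: v1`, which ties this template to a controller build that serves that path, while `image.tag` in values.yaml remains overridable. With `failurePolicy: Fail` on this webhook, pairing this chart version with an older controller image would presumably reject every Ingress create and update rather than degrade gracefully. I would add a template comment above the webhook entry such as `{{/* path and apiVersions assume the controller version shipped with this chart (appVersion v2.4.0); do not pin image.tag below it */}}` and repeat the constraint in the README upgrade notes.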
40 changes: 37 additions & 3 deletions stable/aws-load-balancer-controller/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 2

image:
repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller
tag: v2.3.1
tag: v2.4.0
pullPolicy: IfNotPresent

imagePullSecrets: []
@@ -87,9 +87,25 @@ enableCertManager: false
# ingresses without ingress class annotation and ingresses of type alb
ingressClass: alb

# ingressClassParams specify the IngressCLassParams that enforce settings for a set of Ingresses when using with ingress Controller.
ingressClassParams:
create: true
# The name of ingressClassParams resource will be referred in ingressClass
name:
spec: {}
# You always can set specifications in `helm install` command through `--set` or `--set-string`
# If you do want to specify specifications in values.yaml, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'spec:'.
# namespaceSelector:
# matchLabels:
# group:
# scheme:
# ipAddressType:
# tags:

# To use IngressClass resource instead of annotation, before you need to install the IngressClass resource pointing to controller.
# If specified as true, the IngressClass resource will be created.
createIngressClassResource: false
createIngressClassResource: true

# The AWS region for the kubernetes cluster. Set to use KIAM or kube2iam for example.
region:
@@ -134,7 +150,7 @@ webhookTLS:
key:

# keepTLSSecret specifies whether to reuse existing TLS secret for chart upgrade
keepTLSSecret: false
keepTLSSecret: true

# Maximum number of concurrently running reconcile loops for service (default 3)
serviceMaxConcurrentReconciles:
@@ -232,3 +248,21 @@ backendSecurityGroup:

# disableRestrictedSecurityGroupRules specifies whether to disable creating port-range restricted security group rules for traffic
disableRestrictedSecurityGroupRules:

# objectSelector for webhook
objectSelector:
matchExpressions:
# - key: <key>
# operator: <operator>
# values:
# - <value>
matchLabels:
# key: value

serviceMonitor:
# Specifies whether a service monitor should be created
enabled: false
# Labels to add to the service account
additionalLabels: {}
# Prometheus scrape interval
interval: 1m
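Review bot: Three defaults flip in this file (`createIngressClassResource: true`, `ingressClassParams.create: true`, `keepTLSSecret: true`), so a plain `helm upgrade` begins creating cluster-scoped IngressClass and IngressClassParams objects and, presumably, stops regenerating the webhook TLS secret without the operator opting in. That deserves a line in the upgrade notes, since an IngressClass of the same name created by hand may conflict. The comment above `additionalLabels` says `Labels to add to the service account`, but servicemonitor.yaml applies them to the ServiceMonitor metadata, so `# Labels to add to the ServiceMonitor` is accurate. The bare keys `name:`, `matchExpressions:` and `matchLabels:` parse as null; `name: ""`, `matchExpressions: []` and `matchLabels: {}` make the intended types explicit.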

0 comments on commit 2f47238
