Add aws-load-balancer-controller Helm chart

Author: Fawad Khaliq

helm/aws-load-balancer-controller/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+crds/kustomization.yaml

helm/aws-load-balancer-controller/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+name: aws-load-balancer-controller
+description: AWS Load Balancer Controller Helm chart for Kubernetes
+version: 1.2.2
+appVersion: v2.2.0
+home: https://github.com/aws/eks-charts
+icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
+sources:
+  - https://github.com/aws/eks-charts
+maintainers:
+  - name: kishorj
+    url: https://github.com/kishorj
+    email: [email protected]
+  - name: m00nf1sh
+    url: https://github.com/m00nf1sh
+    email: [email protected]
+keywords:
+  - eks
+  - alb
+  - load balancer
+  - ingress
+  - nlb

helm/aws-load-balancer-controller/README.md

@@ -0,0 +1 @@
+--set clusterName=k8s-ci-cluster

helm/aws-load-balancer-controller/ci/extra_args

@@ -0,0 +1,7 @@
+# CI testing values for aws-load-balancer-controller
+
+region: us-west-2
+image:
+  repository: kishorj/aws-load-balancer-controller
+  tag: v2.0.0-rc1
+  pullPolicy: Always

helm/aws-load-balancer-controller/ci/values.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- crds.yaml

helm/aws-load-balancer-controller/crds/crds.yaml

@@ -0,0 +1 @@
+AWS Load Balancer controller installed!

helm/aws-load-balancer-controller/crds/kustomization.yaml

@@ -0,0 +1,93 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aws-load-balancer-controller.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aws-load-balancer-controller.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aws-load-balancer-controller.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Chart name prefix for resource names
+Strip the "-controller" suffix from the default .Chart.Name if the nameOverride is not specified.
+This enables using a shorter name for the resources, for example aws-load-balancer-webhook.
+*/}}
+{{- define "aws-load-balancer-controller.namePrefix" -}}
+{{- $defaultNamePrefix := .Chart.Name | trimSuffix "-controller" -}}
+{{- default $defaultNamePrefix .Values.nameOverride | trunc 42 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "aws-load-balancer-controller.labels" -}}
+helm.sh/chart: {{ include "aws-load-balancer-controller.chart" . }}
+{{ include "aws-load-balancer-controller.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "aws-load-balancer-controller.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aws-load-balancer-controller.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aws-load-balancer-controller.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "aws-load-balancer-controller.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate certificates for webhook
+*/}}
+{{- define "aws-load-balancer-controller.gen-certs" -}}
+{{- $namePrefix := ( include "aws-load-balancer-controller.namePrefix" . ) -}}
+{{- $altNames := list ( printf "%s-%s.%s" $namePrefix "webhook-service" .Release.Namespace ) ( printf "%s-%s.%s.svc" $namePrefix "webhook-service" .Release.Namespace ) -}}
+{{- $ca := genCA "aws-load-balancer-controller-ca" 3650 -}}
+{{- $cert := genSignedCert ( include "aws-load-balancer-controller.fullname" . ) nil $altNames 3650 $ca -}}
+caCert: {{ $ca.Cert | b64enc }}
+clientCert: {{ $cert.Cert | b64enc }}
+clientKey: {{ $cert.Key | b64enc }}
+{{- end -}}
+
+{{/*
+Convert map to comma separated key=value string
+*/}}
+{{- define "aws-load-balancer-controller.convert-map-to-csv" -}}
+{{- range $key, $value := . -}} {{ $key }}={{ $value }}, {{- end -}}
+{{- end -}}

helm/aws-load-balancer-controller/templates/NOTES.txt

@@ -0,0 +1,173 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "aws-load-balancer-controller.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "aws-load-balancer-controller.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "aws-load-balancer-controller.selectorLabels" . | nindent 8 }}
+        {{- if .Values.podLabels }}
+        {{- toYaml .Values.podLabels | nindent 8 }}
+        {{- end }}
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "{{ (split ":" .Values.metricsBindAddr)._1 | default 8080 }}"
+        {{- if .Values.podAnnotations }}
+        {{- toYaml .Values.podAnnotations | nindent 8 }}
+        {{- end }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "aws-load-balancer-controller.serviceAccountName" . }}
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: {{ template "aws-load-balancer-controller.namePrefix" . }}-tls
+      {{- with .Values.extraVolumes }}
+      {{ toYaml . | nindent 6 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if .Values.hostNetwork }}
+      hostNetwork: true
+      {{- end }}
+      containers:
+      - name: {{ .Chart.Name }}
+        args:
+        - --cluster-name={{ required "Chart cannot be installed without a valid clusterName!" .Values.clusterName }}
+        {{- if .Values.ingressClass }}
+        - --ingress-class={{ .Values.ingressClass }}
+        {{- end }}
+        {{- if .Values.region }}
+        - --aws-region={{ .Values.region }}
+        {{- end }}
+        {{- if .Values.vpcId }}
+        - --aws-vpc-id={{ .Values.vpcId }}
+        {{- end }}
+        {{- if .Values.awsMaxRetries }}
+        - --aws-max-retries={{ .Values.awsMaxRetries }}
+        {{- end }}
+        {{- if kindIs "bool" .Values.enablePodReadinessGateInject }}
+        - --enable-pod-readiness-gate-inject={{ .Values.enablePodReadinessGateInject }}
+        {{- end }}
+        {{- if kindIs "bool" .Values.enableShield }}
+        - --enable-shield={{ .Values.enableShield }}
+        {{- end }}
+        {{- if kindIs "bool" .Values.enableWaf }}
+        - --enable-waf={{ .Values.enableWaf }}
+        {{- end }}
+        {{- if kindIs "bool" .Values.enableWafv2 }}
+        - --enable-wafv2={{ .Values.enableWafv2 }}
+        {{- end }}
+        {{- if .Values.metricsBindAddr }}
+        - --metrics-bind-addr={{ .Values.metricsBindAddr }}
+        {{- end }}
+        {{- if .Values.ingressMaxConcurrentReconciles }}
+        - --ingress-max-concurrent-reconciles={{ .Values.ingressMaxConcurrentReconciles }}
+        {{- end }}
+        {{- if .Values.serviceMaxConcurrentReconciles }}
+        - --service-max-concurrent-reconciles={{ .Values.serviceMaxConcurrentReconciles }}
+        {{- end }}
+        {{- if .Values.targetgroupbindingMaxConcurrentReconciles }}
+        - --targetgroupbinding-max-concurrent-reconciles={{ .Values.targetgroupbindingMaxConcurrentReconciles }}
+        {{- end }}
+        {{- if .Values.logLevel }}
+        - --log-level={{ .Values.logLevel }}
+        {{- end }}
+        {{- if .Values.webhookBindPort }}
+        - --webhook-bind-port={{ .Values.webhookBindPort }}
+        {{- end }}
+        {{- if .Values.syncPeriod }}
+        - --sync-period={{ .Values.syncPeriod }}
+        {{- end }}
+        {{- if .Values.watchNamespace }}
+        - --watch-namespace={{ .Values.watchNamespace }}
+        {{- end }}
+        {{- if kindIs "bool" .Values.disableIngressClassAnnotation }}
+        - --disable-ingress-class-annotation={{ .Values.disableIngressClassAnnotation }}
+        {{- end }}
+        {{- if kindIs "bool" .Values.disableIngressGroupNameAnnotation }}
+        - --disable-ingress-group-name-annotation={{ .Values.disableIngressGroupNameAnnotation }}
+        {{- end }}
+        {{- if .Values.defaultSSLPolicy }}
+        - --default-ssl-policy={{ .Values.defaultSSLPolicy }}
+        {{- end }}
+        {{- if .Values.externalManagedTags }}
+        - --external-managed-tags={{ join "," .Values.externalManagedTags }}
+        {{- end }}
+        {{- if .Values.defaultTags }}
+        - --default-tags={{ include "aws-load-balancer-controller.convert-map-to-csv" .Values.defaultTags | trimSuffix "," }}
+        {{- end }}
+        {{- if .Values.env }}
+        env:
+        {{- range $key, $value := .Values.env }}
+        - name: {{ $key }}
+          value: "{{ $value }}"
+        {{- end }}
+        {{- end }}
+        command:
+        - /controller
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+        {{- with .Values.extraVolumeMounts }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+        ports:
+        - name: webhook-server
+          containerPort: {{ .Values.webhookBindPort | default 9443 }}
+          protocol: TCP
+        - name: metrics-server
+          containerPort: {{ (split ":" .Values.metricsBindAddr)._1 | default 8080 }}
+          protocol: TCP
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        {{- with .Values.livenessProbe }}
+        livenessProbe:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.affinity }}
+      affinity:
+        {{- toYaml .Values.affinity | nindent 8 }}
+      {{- else }}
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: app.kubernetes.io/name
+                  operator: In
+                  values:
+                  - {{ include "aws-load-balancer-controller.name" . }}
+              topologyKey: kubernetes.io/hostname
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- end }}

helm/aws-load-balancer-controller/templates/_helpers.tpl

@@ -0,0 +1,13 @@
+{{- if and .Values.podDisruptionBudget (gt (int .Values.replicaCount) 1) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "aws-load-balancer-controller.fullname" . }}
+  labels:
+    {{- include "aws-load-balancer-controller.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "aws-load-balancer-controller.selectorLabels" . | nindent 6 }}
+  {{- toYaml .Values.podDisruptionBudget | nindent 2 }}
+{{- end }}