Set default gateway replicas to 1 and default affinity to null

hashicorp · Nov 11, 2022 · 7a5fc07 · 7a5fc07
1 parent 437eee1
commit 7a5fc07
Showing 1 changed file with 94 additions and 70 deletions.
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
@@ -77,7 +77,7 @@ global:
   #   - name: pull-secret-name-2
   # ```
   # @type: array<map>
-  imagePullSecrets: []
+  imagePullSecrets: [ ]
 
   # The name (and tag) of the consul-k8s-control-plane Docker
   # image that is used for functionality such as catalog sync.
@@ -250,7 +250,7 @@ global:
           # webhooks.
           # @type: string
           secretName: null
-          
+
         # Configuration to the Vault Secret that Kubernetes will use on 
         # Kubernetes CRD creation, deletion, and update, to get CA certificates
         # used issued from vault to send webhooks to the controller.
@@ -264,7 +264,7 @@ global:
         # Configuration to the Vault Secret that Kubernetes will use on 
         # Kubernetes pod creation, deletion, and update, to get CA certificates
         # used issued from vault to send webhooks to the ConnectInject.
-        caCert: 
+        caCert:
           # The Vault secret path that contains the CA certificate for
           # Connect Inject webhooks.
           # @type: string
@@ -316,7 +316,7 @@ global:
   # See https://www.consul.io/docs/agent/config/cli-flags#_recursor for more details.
   # If this is an empty array (the default), then Consul DNS will only resolve queries for the Consul top level domain (by default `.consul`).
   # @type: array<string>
-  recursors: []
+  recursors: [ ]
 
   # Enables TLS (https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure)
   # across the cluster to verify authenticity of the Consul servers and clients.
@@ -336,13 +336,13 @@ global:
     # in the server certificate. This is useful when you need to access the
     # Consul server(s) externally, for example, if you're using the UI.
     # @type: array<string>
-    serverAdditionalDNSSANs: []
+    serverAdditionalDNSSANs: [ ]
 
     # A list of additional IP addresses to set as Subject Alternative Names (SANs)
     # in the server certificate. This is useful when you need to access the
     # Consul server(s) externally, for example, if you're using the UI.
     # @type: array<string>
-    serverAdditionalIPSANs: []
+    serverAdditionalIPSANs: [ ]
 
     # If true, `verify_outgoing`, `verify_server_hostname`,
     # and `verify_incoming` for internal RPC communication will be set to `true` for Consul servers and clients.
@@ -518,7 +518,7 @@ global:
     # A list of addresses of the primary mesh gateways in the form `<ip>:<port>`.
     # (e.g. ["1.1.1.1:443", "2.3.4.5:443"]
     # @type: array<string>
-    primaryGateways: []
+    primaryGateways: [ ]
 
     # If you are setting `global.federation.enabled` to true and are in a secondary datacenter,
     # set `k8sAuthMethodHost` to the address of the Kubernetes API server of the secondary datacenter.
@@ -910,7 +910,7 @@ server:
   #   with `-config-dir`. This defaults to false.
   #
   # @type: array<map>
-  extraVolumes: []
+  extraVolumes: [ ]
 
   # A list of sidecar containers.
   # Example:
@@ -923,7 +923,7 @@ server:
   #    - ...
   # ```
   # @type: array<map>
-  extraContainers: []
+  extraContainers: [ ]
 
   # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
   # for server pods. It defaults to allowing only a single server pod on each node, which
@@ -1077,7 +1077,7 @@ server:
   # feature, in case kubernetes cluster is behind egress http proxies. Additionally,
   # it could be used to configure custom consul parameters.
   # @type: map
-  extraEnvironmentVars: {}
+  extraEnvironmentVars: { }
 
   # [Enterprise Only] Values for setting up and running snapshot agents
   # (https://consul.io/commands/snapshot/agent)
@@ -1147,7 +1147,7 @@ externalServers:
   # should be the same, however, they may be different if you
   # wish to use separate hosts for the HTTPS connections.
   # @type: array<string>
-  hosts: []
+  hosts: [ ]
 
   # The HTTPS port of the Consul servers.
   httpsPort: 8501
@@ -1345,7 +1345,7 @@ client:
   #   with `-config-dir`. This defaults to false.
   #
   # @type: array<map>
-  extraVolumes: []
+  extraVolumes: [ ]
 
   # A list of sidecar containers.
   # Example:
@@ -1358,7 +1358,7 @@ client:
   #    - ...
   # ```
   # @type: array<map>
-  extraContainers: []
+  extraContainers: [ ]
 
   # Toleration Settings for Client pods
   # This should be a multi-line string matching the Toleration array
@@ -1436,7 +1436,7 @@ client:
   # feature, in case kubernetes cluster is behind egress http proxies. Additionally,
   # it could be used to configure custom consul parameters.
   # @type: map
-  extraEnvironmentVars: {}
+  extraEnvironmentVars: { }
 
   # This value defines the Pod DNS policy (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy)
   # for client pods to use.
@@ -1593,7 +1593,7 @@ ui:
     # ```
     #
     # @type: array<map>
-    hosts: []
+    hosts: [ ]
 
     # tls is a list of hosts and secret name in an Ingress
     # which tells the Ingress controller to secure the channel.
@@ -1605,7 +1605,7 @@ ui:
     #     secretName: testsecret-tls
     # ```
     # @type: array<map>
-    tls: []
+    tls: [ ]
 
     # Annotations to apply to the UI ingress.
     #
@@ -1695,7 +1695,7 @@ syncCatalog:
   #
   # Note: `k8sDenyNamespaces` takes precedence over values defined here.
   # @type: array<string>
-  k8sAllowNamespaces: ["*"]
+  k8sAllowNamespaces: [ "*" ]
 
   # List of k8s namespaces that should not have their
   # services synced. This list takes precedence over `k8sAllowNamespaces`.
@@ -1705,7 +1705,7 @@ syncCatalog:
   # `["namespace1", "namespace2"]`, then all k8s namespaces besides `namespace1`
   # and `namespace2` will be synced.
   # @type: array<string>
-  k8sDenyNamespaces: ["kube-system", "kube-public"]
+  k8sDenyNamespaces: [ "kube-system", "kube-public" ]
 
   # [DEPRECATED] Use k8sAllowNamespaces and k8sDenyNamespaces instead. For
   # backwards compatibility, if both this and the allow/deny lists are set,
@@ -1880,7 +1880,7 @@ syncCatalog:
   #
   # @type: string
   annotations: null
-  
+
 # Configures the automatic Connect sidecar injector.
 connectInject:
   # True if you want to enable connect injection. Set to "-" to inherit from
@@ -1919,7 +1919,7 @@ connectInject:
 
   # This configures the PodDisruptionBudget (https://kubernetes.io/docs/tasks/run-application/configure-pdb/)
   # for the service mesh sidecar injector.
-  disruptionBudget: 
+  disruptionBudget:
     # This will enable/disable registering a PodDisruptionBudget for the 
     # service mesh sidecar injector. If this is enabled, it will only register the budget so long as
     # the service mesh is enabled.
@@ -1947,7 +1947,7 @@ connectInject:
 
     # Log level for the installer and plugin. Overrides global.logLevel
     # @type: string
-    logLevel: null 
+    logLevel: null
 
     # Location on the kubernetes node where the CNI plugin is installed. Shoud be the absolute path and start with a '/'
     # Example on GKE:
@@ -1973,7 +1973,7 @@ connectInject:
     # Please refer to the [Multus Quickstart Guide](https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/quickstart.md)
     # for more information about using multus. 
     # @type: string
-    multus: false 
+    multus: false
 
     # The resource settings for CNI installer daemonset.
     # @recurse: false
@@ -2158,7 +2158,7 @@ connectInject:
   # `namespaceSelector` takes precedence over both since it is applied first.
   # `kube-system` and `kube-public` are never injected, even if included here.
   # @type: array<string>
-  k8sAllowNamespaces: ["*"]
+  k8sAllowNamespaces: [ "*" ]
 
   # List of k8s namespaces that should not allow Connect
   # sidecar injection. This list takes precedence over `k8sAllowNamespaces`.
@@ -2171,7 +2171,7 @@ connectInject:
   # Note: `namespaceSelector` takes precedence over this since it is applied first.
   # `kube-system` and `kube-public` are never injected.
   # @type: array<string>
-  k8sDenyNamespaces: []
+  k8sDenyNamespaces: [ ]
 
   # [Enterprise Only] These settings manage the connect injector's interaction with
   # Consul namespaces (requires consul-ent v1.7+).
@@ -2312,7 +2312,7 @@ meshGateway:
   enabled: false
 
   # Number of replicas for the Deployment.
-  replicas: 2
+  replicas: 1
 
   # What gets registered as WAN address for the gateway.
   wanAddress:
@@ -2447,18 +2447,26 @@ meshGateway:
         memory: "50Mi"
         cpu: "50m"
 
-  # By default, we set an anti-affinity so that two gateway pods won't be
-  # on the same node. NOTE: Gateways require that Consul client agents are
-  # also running on the nodes alongside each gateway pod.
-  affinity: |
-    podAntiAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        - labelSelector:
-            matchLabels:
-              app: {{ template "consul.name" . }}
-              release: "{{ .Release.Name }}"
-              component: mesh-gateway
-          topologyKey: kubernetes.io/hostname
+  # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+  # for mesh gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer
+  # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value
+  # to the value in the example below.
+  #
+  # Example:
+  #
+  # ```yaml
+  #  affinity: |
+  #    podAntiAffinity:
+  #      requiredDuringSchedulingIgnoredDuringExecution:
+  #        - labelSelector:
+  #            matchLabels:
+  #              app: {{ template "consul.name" . }}
+  #              release: "{{ .Release.Name }}"
+  #              component: mesh-gateway
+  #          topologyKey: kubernetes.io/hostname
+  # ```
+  # @type: string
+  affinity: null
 
   # Optional YAML string to specify tolerations.
   # @type: string
@@ -2522,7 +2530,7 @@ ingressGateways:
   # for a specific gateway.
   defaults:
     # Number of replicas for each ingress gateway defined.
-    replicas: 2
+    replicas: 1
 
     # The service options configure the Service that fronts the gateway Deployment.
     service:
@@ -2540,10 +2548,10 @@ ingressGateways:
       # @default: [{port: 8080, port: 8443}]
       # @recurse: false
       ports:
-        - port: 8080
-          nodePort: null
-        - port: 8443
-          nodePort: null
+      - port: 8080
+        nodePort: null
+      - port: 8443
+        nodePort: null
 
       # Annotations to apply to the ingress gateway service. Annotations defined
       # here will be applied to all ingress gateway services in addition to any
@@ -2586,18 +2594,26 @@ ingressGateways:
         memory: "100Mi"
         cpu: "100m"
 
-    # By default, we set an anti-affinity so that two of the same gateway pods
-    # won't be on the same node. NOTE: Gateways require that Consul client agents are
-    # also running on the nodes alongside each gateway pod.
-    affinity: |
-      podAntiAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchLabels:
-                app: {{ template "consul.name" . }}
-                release: "{{ .Release.Name }}"
-                component: ingress-gateway
-            topologyKey: kubernetes.io/hostname
+    # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+    # for ingress gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer
+    # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value
+    # to the value in the example below.
+    #
+    # Example:
+    #
+    # ```yaml
+    #  affinity: |
+    #    podAntiAffinity:
+    #      requiredDuringSchedulingIgnoredDuringExecution:
+    #        - labelSelector:
+    #            matchLabels:
+    #              app: {{ template "consul.name" . }}
+    #              release: "{{ .Release.Name }}"
+    #              component: ingress-gateway
+    #          topologyKey: kubernetes.io/hostname
+    # ```
+    # @type: string
+    affinity: null
 
     # Optional YAML string to specify tolerations.
     # @type: string
@@ -2659,7 +2675,7 @@ ingressGateways:
   # case of annotations where both will be applied.
   # @type: array<map>
   gateways:
-    - name: ingress-gateway
+  - name: ingress-gateway
 
 # Configuration options for terminating gateways. Default values for all
 # terminating gateways are defined in `terminatingGateways.defaults`. Any of
@@ -2680,7 +2696,7 @@ terminatingGateways:
   # for a specific gateway.
   defaults:
     # Number of replicas for each terminating gateway defined.
-    replicas: 2
+    replicas: 1
 
     # A list of extra volumes to mount. These will be exposed to Consul in the path `/consul/userconfig/<name>/`.
     #
@@ -2695,7 +2711,7 @@ terminatingGateways:
     #         path: path # secret will now mount to /consul/userconfig/my-secret/path
     # ```
     # @type: array<map>
-    extraVolumes: []
+    extraVolumes: [ ]
 
     # Resource limits for all terminating gateway pods
     # @recurse: false
@@ -2708,18 +2724,26 @@ terminatingGateways:
         memory: "100Mi"
         cpu: "100m"
 
-    # By default, we set an anti-affinity so that two of the same gateway pods
-    # won't be on the same node. NOTE: Gateways require that Consul client agents are
-    # also running on the nodes alongside each gateway pod.
-    affinity: |
-      podAntiAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchLabels:
-                app: {{ template "consul.name" . }}
-                release: "{{ .Release.Name }}"
-                component: terminating-gateway
-            topologyKey: kubernetes.io/hostname
+    # This value defines the affinity (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+    # for terminating gateway pods. It defaults to `null` thereby allowing multiple gateway pods on each node. But if one would prefer
+    # a mode which minimizes risk of the cluster becoming unusable if a node is lost, set this value
+    # to the value in the example below.
+    #
+    # Example:
+    #
+    # ```yaml
+    #  affinity: |
+    #    podAntiAffinity:
+    #      requiredDuringSchedulingIgnoredDuringExecution:
+    #        - labelSelector:
+    #            matchLabels:
+    #              app: {{ template "consul.name" . }}
+    #              release: "{{ .Release.Name }}"
+    #              component: terminating-gateway
+    #          topologyKey: kubernetes.io/hostname
+    # ```
+    # @type: string
+    affinity: null
 
     # Optional YAML string to specify tolerations.
     # @type: string
@@ -2792,7 +2816,7 @@ terminatingGateways:
   # case of annotations where both will be applied.
   # @type: array<map>
   gateways:
-    - name: terminating-gateway
+  - name: terminating-gateway
 
 # Configuration settings for the Consul API Gateway integration
 apiGateway: