TT-7086 - feat(helm): Add hostNetwork option

CHANGELOG.md

@@ -9,6 +9,10 @@
 - Documentation of snapshot tool, in order to explain how to use Snapshot with Docker.
 - Remove hardcoded TLS keys from integration tests to prevent possible CI failures.
 
+**Added**
+
+- Added hostNetwork Support [Issue #532](https://github.com/TykTechnologies/tyk-operator/issues/532)
+
 **Fixed**:
 - Remove ORGID from SecurityPolicy CRs while using Snapshot tool [#577](https://github.com/TykTechnologies/tyk-operator/pull/577).
 - Prevent reading Kubernetes config while using `operator snapshot` as a CLI command (this means you don't need to have a running Kubernetes cluster when running `operator snapshot`).

config/helm/manager_auth_proxy_patch.yaml

@@ -12,12 +12,12 @@ spec:
         - name: kube-rbac-proxy
           image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
           args:
-            - "--secure-listen-address=0.0.0.0:8443"
-            - "--upstream=http://127.0.0.1:8080/"
+            - "--secure-listen-address=0.0.0.0:CONTROLLER_MANAGER_RBAC_PORT"
+            - "--upstream=http://127.0.0.1:CONTROLLER_MANAGER_METRICS_PORT/"
             - "--logtostderr=true"
             - "--v=10"
           ports:
-            - containerPort: 8443
+            - containerPort: CONTROLLER_MANAGER_RBAC_PORT
               name: https
           resources:
             limits:

config/helm/manager_webhook_patch.yaml

@@ -9,7 +9,7 @@ spec:
       containers:
       - name: manager
         ports:
-        - containerPort: 9443
+        - containerPort: CONTROLLER_MANAGER_WEBHOOK_PORT
           name: webhook-server
           protocol: TCP
         volumeMounts:

config/manager/controller_manager_config.yaml

@@ -1,11 +1,11 @@
 apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
 kind: ControllerManagerConfig
 health:
-  healthProbeBindAddress: :8081
+  healthProbeBindAddress: :CONTROLLER_MANAGER_HEALTH_PROBE_PORT
 metrics:
-  bindAddress: 127.0.0.1:8080
+  bindAddress: 127.0.0.1:CONTROLLER_MANAGER_METRICS_PORT
 webhook:
-  port: 9443
+  port: CONTROLLER_MANAGER_WEBHOOK_PORT
 leaderElection:
   leaderElect: true
   resourceName: 91ad8c6e.tyk.io

config/manager/manager.yaml

@@ -24,6 +24,7 @@ spec:
     spec:
       securityContext:
         runAsNonRoot: true
+      hostNetwork: CONTROLLER_MANAGER_HOST_NETWORK
       containers:
       - command:
         - /manager
@@ -34,13 +35,13 @@ spec:
         livenessProbe:
           httpGet:
             path: /healthz
-            port: 8081
+            port: CONTROLLER_MANAGER_HEALTH_PROBE_PORT
           initialDelaySeconds: 15
           periodSeconds: 20
         readinessProbe:
           httpGet:
             path: /readyz
-            port: 8081
+            port: CONTROLLER_MANAGER_HEALTH_PROBE_PORT
           initialDelaySeconds: 5
           periodSeconds: 10
         resources:

hack/helm/pre_helm.go

@@ -29,6 +29,11 @@ func main() {
 		{"IfNotPresent", "{{ .Values.image.pullPolicy }}"},
 		{"replicas: 1", "replicas: {{default 1 .Values.replicaCount }}"},
 		{"tykio/tyk-operator:latest", "{{ .Values.image.repository }}:{{ .Values.image.tag }}"},
+		{"CONTROLLER_MANAGER_HEALTH_PROBE_PORT", "{{ .Values.healthProbePort }}"},
+		{"CONTROLLER_MANAGER_METRICS_PORT", "{{ .Values.metricsPort }}"},
+		{"CONTROLLER_MANAGER_WEBHOOK_PORT", "{{ .Values.webhookPort }}"},
+		{"CONTROLLER_MANAGER_RBAC_PORT", "{{ .Values.rbac.port }}"},
+		{"CONTROLLER_MANAGER_HOST_NETWORK", "{{ .Values.hostNetwork | default false }}"},
 	}
 
 	for _, v := range m {

helm/values.yaml

@@ -15,6 +15,12 @@ image:
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
+# healthProbePort identifies the port the Controller Manager will listen on. Used by liveness and readiness probes
+healthProbePort: 8081
+# metricsPort identifies the port on which Tyk Operator metrics are served
+metricsPort: 8080
+# webhookPort identifies the port on which webhooks are handled
+webhookPort: 9443
 annotations: {}
 podAnnotations: {}
 podSecurityContext:
@@ -29,3 +35,4 @@ rbac:
     repository: gcr.io/kubebuilder/kube-rbac-proxy
     pullPolicy: IfNotPresent
     tag: "v0.8.0"
+  port: 8443