feat: Support setting gateway.unprivilegedPortSupported manually

alibaba · Dec 21, 2024 · 01f9357 · 01f9357
1 parent 4eaf204
commit 01f9357
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/helm/core/templates/daemonset.yaml b/helm/core/templates/daemonset.yaml
@@ -1,16 +1,18 @@
 {{- if eq .Values.gateway.kind "DaemonSet" -}}
 {{- $o11y := .Values.global.o11y  }}
-{{- $unprivilegedPortSupported := true }}
-{{- range $index, $node := (lookup "v1" "Node" "default" "").items }}
+{{- if eq .Values.gateway.unprivilegedPortSupported nil -}}
+  {{- $unprivilegedPortSupported := true }}
+  {{- range $index, $node := (lookup "v1" "Node" "default" "").items }}
     {{- $kernelVersion := $node.status.nodeInfo.kernelVersion }}
     {{- if $kernelVersion }}
       {{- $kernelVersion = regexFind "^(\\d+\\.\\d+\\.\\d+)" $kernelVersion }}
       {{- if and $kernelVersion (semverCompare "<4.11.0" $kernelVersion) }}
       {{- $unprivilegedPortSupported = false }}
       {{- end }}
     {{- end }}
+  {{- end -}}
+  {{- $_ := set .Values.gateway "unprivilegedPortSupported" $unprivilegedPortSupported -}}
 {{- end -}}
-{{- $_ := set .Values.gateway "unprivilegedPortSupported" $unprivilegedPortSupported -}}
 
 apiVersion: apps/v1
 kind: DaemonSet

diff --git a/helm/core/templates/deployment.yaml b/helm/core/templates/deployment.yaml
@@ -1,15 +1,17 @@
 {{- if eq .Values.gateway.kind "Deployment" -}}
-{{- $unprivilegedPortSupported := true }}
-{{- range $index, $node := (lookup "v1" "Node" "default" "").items }}
+{{- if eq .Values.gateway.unprivilegedPortSupported nil -}}
+  {{- $unprivilegedPortSupported := true }}
+  {{- range $index, $node := (lookup "v1" "Node" "default" "").items }}
     {{- $kernelVersion := $node.status.nodeInfo.kernelVersion }}
     {{- if $kernelVersion }}
       {{- $kernelVersion = regexFind "^(\\d+\\.\\d+\\.\\d+)" $kernelVersion }}
       {{- if and $kernelVersion (semverCompare "<4.11.0" $kernelVersion) }}
       {{- $unprivilegedPortSupported = false }}
       {{- end }}
     {{- end }}
+  {{- end -}}
+  {{- $_ := set .Values.gateway "unprivilegedPortSupported" $unprivilegedPortSupported -}}
 {{- end -}}
-{{- $_ := set .Values.gateway "unprivilegedPortSupported" $unprivilegedPortSupported -}}
 
 apiVersion: apps/v1
 kind: Deployment

diff --git a/helm/core/values.yaml b/helm/core/values.yaml
@@ -465,6 +465,7 @@ gateway:
   # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl.
   securityContext: ~
   containerSecurityContext: ~
+  unprivilegedPortSupported: ~
 
   service:
     # -- Type of service. Set to "None" to disable the service entirely