Search
Varnish Helm Chart
Introduction Changelog Varnish Enterprise Installation Configurations Resource Types Deploying Varnish DaemonSet Deployment StatefulSet Accessing Varnish ClusterIP HostPort LoadBalancer NodePort Integrating Varnish Varnish Controller Agent External VCL ConfigMap Varnish Controller Installation Configurations Resource Types Deploying Controller Internal services External NATS External PostgreSQL Accessing Controller Ingress

Installation

To get started with the Varnish Helm Chart, make sure Helm is already installed.

Adding Varnish Helm Chart repository

To add the Varnish Helm Chart repository to Helm:

$ helm repo add varnish https://packagecloud.io/varnishplus/60/helm --username <token> --password does-not-matter

Replace <token> with your Varnish Enterprise’s PackageCloud token.

Creating an Image Pull Secret

A pull secret must also be created to allow the Kubernetes cluster to download from the Varnish Docker repository.

Create a file named dockerconfig.json with the following content:

{
  "auths": {
    "https://quay.io": {
      "username": "<username>",
      "password": "<password>"
    }
  }
}

Replace <username> and <password> with your Varnish Docker image’s Quay.io credentials.

Then either use Kustomize or create the secret file manually.

Using Kustomize

To generate varnish-pull-secret using Kustomize, create a varnish-pull-secret directory and move dockerconfig.json into it:

$ mkdir -p varnish-pull-secret/
$ mv dockerconfig.json varnish-pull-secret/

Then create varnish-pull-secret/kustomization.yaml:

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
  - name: varnish-pull-secret
    files:
      - .dockerconfigjson=dockerconfig.json
    type: kubernetes.io/dockerconfigjson

Once varnish-pull-secret/kustomization.yaml is created, it can now be deployed onto the cluster:

$ kubectl apply -k varnish-pull-secret

Note: Kustomize will create a secret with a unique name depending on the content of the secret file.

Manually

To manually generate varnish-pull-secret.yaml, run the following command:

$ DOCKERCONFIG_JSON_BASE64=$(base64 -w 0 < dockerconfig.json)
# on macOS, you may need to use base64 -b 0 < dockerconfig.json instead

$ cat <<EOF > varnish-pull-secret.yaml
---
apiVersion: v1
type: kubernetes.io/dockerconfigjson
kind: Secret
metadata:
  name: varnish-pull-secret
data:
  .dockerconfigjson: $DOCKERCONFIG_JSON_BASE64
EOF

Once varnish-pull-secret.yaml is created, it can now be deployed onto the cluster:

$ kubectl apply -f varnish-pull-secret.yaml

Creating a Varnish Controller license secret

A license is required to use Varnish Controller.

Obtain license.lic from the customer portal and either use Kustomize or create the secret file manually.

Using Kustomize

To generate varnish-controller-license using Kustomize, create varnish-controller-license directory and put license.lic in it.

$ mkdir varnish-controller-license
$ mv license.lic varnish-controller-license

Then create varnish-controller-license/kustomization.yaml:

---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
secretGenerator:
  - name: varnish-controller-license
    files:
      - license.lic=license.lic

Once varnish-controller-license/kustomization.yaml is created, it can now be deployed onto the cluster:

$ kubectl apply -k varnish-controller-license

Note that Kustomize will create a secret with a unique name depending on the content of the secret file.

Manually

To manually generate varnish-controller-license.yaml, run the following command:

$ LICENSELIC_JSON_BASE64=$(base64 -w 0 < license.lic)
# on macOS, you may need to use base64 -b 0 < license.lic instead

$ cat <<EOF > varnish-controller-license.yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: varnish-controller-license
data:
  license.lic: $LICENSELIC_JSON_BASE64
EOF

Once varnish-controller-license.yaml is created, it can now be deployed onto the cluster:

$ kubectl apply -f varnish-controller-license.yaml

Deploying Varnish Controller

Create values.yaml for Varnish Controller with basic configuration:

---
global:
  imagePullSecrets:
    - name: varnish-pull-secret

brainz:
  licenseSecret: varnish-controller-license

ui:
  enabled: true

  ingress:
    enabled: true
    hosts:
      - host: varnish-controller.example.com
        paths: []

Deploy Varnish Controller:

$ helm install -f values.yaml varnish-controller varnish/varnish-controller

If a DNS record for varnish-controller.example.com is pointed to the Kubernetes Ingress, Varnish Controller should now be accessible from varnish-controller.example.com.

To retrieve the default admin password, run the following command:

kubectl get secrets -o jsonpath="{.data.varnish-admin-password}" varnish-controller-credentials | base64 --decode

Integrating with Varnish Enterprise

Integrating Varnish Controller with Varnish Enterprise requires running a Varnish Controller Agent as a sidecar to Varnish Enterprise. See also the Integrating Varnish Controller with Varnish Enterprise section in Varnish Enterprise Helm Chart.

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
News
Varnish Controller 6.1.1
Varnish Enterprise 6.0.12r9
Varnish Controller 6.1.0
Varnish Enterprise 6.0.12r8
Varnish Helm Chart 1.3.0
News archive