DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use recommended labels and label helpers

Browse source 
Signed-off-by: Naseem <naseem@transit.app>
This commit is contained in:
Naseem 2020-02-26 23:27:28 -05:00
parent d8f84fde6a
commit 003039f23c
No known key found for this signature in database
GPG key ID: 2002385E8036EAAE
37 changed files with 164 additions and 260 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
charts/ingress-nginx/templates/_helpers.tpl
View file

@ -61,6 +61,26 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "nginx-ingress.labels" -}}
helm.sh/chart: {{ include "nginx-ingress.chart" . }}
{{ include "nginx-ingress.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "nginx-ingress.selectorLabels" -}}
app.kubernetes.io/name: {{ include "nginx-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
@ -114,4 +134,4 @@ Return the appropriate apiVersion for podSecurityPolicy.
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{- end -}}

9
charts/ingress-nginx/templates/addheaders-configmap.yaml
View file

@ -3,12 +3,9 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-custom-add-headers
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ include "nginx-ingress.fullname" . }}-custom-add-headers
data:
{{ toYaml .Values.controller.addHeaders | indent 2 }}
{{- end }}

11
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
View file

@ -2,16 +2,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
rules:
- apiGroups:
- admissionregistration.k8s.io
@ -25,6 +22,6 @@ rules:
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "nginx-ingress.fullname" . }}-admission
- {{ include "nginx-ingress.fullname" . }}-admission
{{- end }}
{{- end }}

13
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
View file

@ -2,22 +2,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
subjects:
- kind: ServiceAccount
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
{{- end }}

20
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
View file

@ -2,16 +2,13 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission-create
name: {{ include "nginx-ingress.fullname" . }}-admission-create
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
@ -19,17 +16,14 @@ spec:
{{- end }}
template:
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission-create
name: {{ include "nginx-ingress.fullname" . }}-admission-create
{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
spec:
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
@ -44,7 +38,7 @@ spec:
- --namespace={{ .Release.Namespace }}
- --secret-name={{ template "nginx-ingress.fullname". }}-admission
restartPolicy: OnFailure
serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission
serviceAccountName: {{ include "nginx-ingress.fullname" . }}-admission
{{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}

22
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
View file

@ -2,16 +2,13 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission-patch
name: {{ include "nginx-ingress.fullname" . }}-admission-patch
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
@ -19,17 +16,14 @@ spec:
{{- end }}
template:
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission-patch
name: {{ include "nginx-ingress.fullname" . }}-admission-patch
{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
spec:
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
@ -40,13 +34,13 @@ spec:
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }}
args:
- patch
- --webhook-name={{ template "nginx-ingress.fullname" . }}-admission
- --webhook-name={{ include "nginx-ingress.fullname" . }}-admission
- --namespace={{ .Release.Namespace }}
- --patch-mutating=false
- --secret-name={{ template "nginx-ingress.fullname". }}-admission
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
restartPolicy: OnFailure
serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission
serviceAccountName: {{ include "nginx-ingress.fullname" . }}-admission
{{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}

9
charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
View file

@ -2,16 +2,13 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
spec:
allowPrivilegeEscalation: false
fsGroup:

9
charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
View file

@ -2,16 +2,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
rules:
- apiGroups:
- ""

13
charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
View file

@ -2,22 +2,19 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
subjects:
- kind: ServiceAccount
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
namespace: {{ .Release.Namespace }}
{{- end }}

9
charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
View file

@ -2,14 +2,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission
name: {{ include "nginx-ingress.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
{{- end }}

9
charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
View file

@ -3,12 +3,9 @@ apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}-admission
chart: {{ template "nginx-ingress.chart" . }}
component: "admission-webhook"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-admission
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
name: {{ include "nginx-ingress.fullname" . }}-admission
webhooks:
- name: validate.nginx.ingress.kubernetes.io
rules:

7
charts/ingress-nginx/templates/clusterrole.yaml
View file

@ -3,11 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
name: {{ include "nginx-ingress.fullname" . }}
rules:
- apiGroups:
- ""

9
charts/ingress-nginx/templates/clusterrolebinding.yaml
View file

@ -3,15 +3,12 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
name: {{ include "nginx-ingress.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "nginx-ingress.fullname" . }}
name: {{ include "nginx-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "nginx-ingress.serviceAccountName" . }}

11
charts/ingress-nginx/templates/controller-configmap.yaml
View file

@ -3,20 +3,17 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
annotations:
{{ toYaml .Values.controller.configAnnotations | indent 4}}
name: {{ template "nginx-ingress.controller.fullname" . }}
data:
{{- if .Values.controller.addHeaders }}
add-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-add-headers
add-headers: {{ .Release.Namespace }}/{{ include "nginx-ingress.fullname" . }}-custom-add-headers
{{- end }}
{{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
proxy-set-headers: {{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
proxy-set-headers: {{ .Release.Namespace }}/{{ include "nginx-ingress.fullname" . }}-custom-proxy-headers
{{- end }}
{{- if .Values.controller.config }}
{{ toYaml .Values.controller.config | indent 2 }}

22
charts/ingress-nginx/templates/controller-daemonset.yaml
View file

@ -5,19 +5,16 @@ apiVersion: {{ template "deployment.apiVersion" . }}
kind: DaemonSet
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.controller.fullname" . }}
annotations:
annotations:
{{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
spec:
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
updateStrategy:
{{ toYaml .Values.controller.updateStrategy | indent 4 }}
@ -31,9 +28,8 @@ spec:
{{- end }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8}}
{{- end }}
@ -88,10 +84,10 @@ spec:
- --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if .Values.tcp }}
- --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp
- --tcp-services-configmap={{ .Release.Namespace }}/{{ include "nginx-ingress.fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-udp
- --udp-services-configmap={{ .Release.Namespace }}/{{ include "nginx-ingress.fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}

20
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -3,19 +3,16 @@ apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.controller.fullname" . }}
annotations:
{{ toYaml .Values.controller.deploymentAnnotations | indent 4}}
spec:
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
{{- if not .Values.controller.autoscaling.enabled }}
replicas: {{ .Values.controller.replicaCount }}
{{- end }}
@ -32,9 +29,8 @@ spec:
{{- end }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
{{- end }}
@ -89,10 +85,10 @@ spec:
- --nginx-configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if .Values.tcp }}
- --tcp-services-configmap={{ default .Release.Namespace .Values.controller.tcp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-tcp
- --tcp-services-configmap={{ default .Release.Namespace .Values.controller.tcp.configMapNamespace }}/{{ include "nginx-ingress.fullname" . }}-tcp
{{- end }}
{{- if .Values.udp }}
- --udp-services-configmap={{ default .Release.Namespace .Values.controller.udp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-udp
- --udp-services-configmap={{ default .Release.Namespace .Values.controller.udp.configMapNamespace }}/{{ include "nginx-ingress.fullname" . }}-udp
{{- end }}
{{- if .Values.controller.scope.enabled }}
- --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }}

7
charts/ingress-nginx/templates/controller-hpa.yaml
View file

@ -4,11 +4,8 @@ apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
scaleTargetRef:

12
charts/ingress-nginx/templates/controller-metrics-service.yaml
View file

@ -12,11 +12,8 @@ metadata:
{{- if .Values.controller.metrics.service.labels }}
{{ toYaml .Values.controller.metrics.service.labels | indent 4 }}
{{- end }}
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.controller.fullname" . }}-metrics
spec:
{{- if not .Values.controller.metrics.service.omitClusterIP }}
@ -40,8 +37,7 @@ spec:
port: {{ .Values.controller.metrics.service.servicePort }}
targetPort: metrics
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
type: "{{ .Values.controller.metrics.service.type }}"
{{- end }}

12
charts/ingress-nginx/templates/controller-poddisruptionbudget.yaml
View file

@ -3,17 +3,13 @@ apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
release: {{ .Release.Name }}
component: "{{ .Values.controller.name }}"
{{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
minAvailable: {{ .Values.controller.minAvailable }}
{{- end }}

7
charts/ingress-nginx/templates/controller-prometheusrules.yaml
View file

@ -7,11 +7,8 @@ metadata:
namespace: {{ .Values.controller.metrics.prometheusRule.namespace }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
{{- if .Values.controller.metrics.prometheusRule.additionalLabels }}
{{ toYaml .Values.controller.metrics.prometheusRule.additionalLabels | indent 4 }}
{{- end }}

8
charts/ingress-nginx/templates/controller-psp.yaml
View file

@ -2,12 +2,10 @@
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "nginx-ingress.fullname" . }}
name: {{ include "nginx-ingress.fullname" . }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
spec:
allowedCapabilities:
- NET_BIND_SERVICE

10
charts/ingress-nginx/templates/controller-role.yaml
View file

@ -3,11 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ include "nginx-ingress.fullname" . }}
rules:
- apiGroups:
- ""
@ -85,7 +83,7 @@ rules:
- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "nginx-ingress.fullname" . }}]
resourceNames: [{{ include "nginx-ingress.fullname" . }}]
{{- end }}
{{- end -}}

10
charts/ingress-nginx/templates/controller-rolebinding.yaml
View file

@ -3,15 +3,13 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ include "nginx-ingress.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "nginx-ingress.fullname" . }}
name: {{ include "nginx-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "nginx-ingress.serviceAccountName" . }}

12
charts/ingress-nginx/templates/controller-service.yaml
View file

@ -12,11 +12,8 @@ metadata:
{{- if .Values.controller.service.labels }}
{{ toYaml .Values.controller.service.labels | indent 4 }}
{{- end }}
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.controller.fullname" . }}
spec:
{{- if not .Values.controller.service.omitClusterIP }}
@ -87,8 +84,7 @@ spec:
{{- end }}
{{- end }}
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
type: "{{ .Values.controller.service.type }}"
{{- end }}

6
charts/ingress-nginx/templates/controller-serviceaccount.yaml
View file

@ -3,9 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.serviceAccountName" . }}
{{- end -}}

12
charts/ingress-nginx/templates/controller-servicemonitor.yaml
View file

@ -7,11 +7,8 @@ metadata:
namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
{{- if .Values.controller.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.controller.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
@ -32,7 +29,6 @@ spec:
{{- end }}
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
{{- end }}

12
charts/ingress-nginx/templates/controller-webhook-service.yaml
View file

@ -9,11 +9,8 @@ metadata:
{{- end }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ template "nginx-ingress.controller.fullname" . }}-admission
spec:
{{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }}
@ -37,8 +34,7 @@ spec:
port: 443
targetPort: webhook
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.controller.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
type: "{{ .Values.controller.admissionWebhooks.service.type }}"
{{- end }}

16
charts/ingress-nginx/templates/default-backend-deployment.yaml
View file

@ -3,17 +3,14 @@ apiVersion: {{ template "deployment.apiVersion" . }}
kind: Deployment
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
spec:
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
replicas: {{ .Values.defaultBackend.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
@ -25,9 +22,8 @@ spec:
{{- end }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.defaultBackend.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
{{- if .Values.defaultBackend.podLabels }}
{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
{{- end }}

12
charts/ingress-nginx/templates/default-backend-poddisruptionbudget.yaml
View file

@ -3,17 +3,13 @@ apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
spec:
selector:
matchLabels:
app: {{ template "nginx-ingress.name" . }}
release: {{ .Release.Name }}
component: "{{ .Values.defaultBackend.name }}"
{{- include "nginx-ingress.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
minAvailable: {{ .Values.defaultBackend.minAvailable }}
{{- end }}

8
charts/ingress-nginx/templates/default-backend-psp.yaml
View file

@ -2,12 +2,10 @@
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "nginx-ingress.fullname" . }}-backend
name: {{ include "nginx-ingress.fullname" . }}-backend
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
spec:
allowPrivilegeEscalation: false
fsGroup:

10
charts/ingress-nginx/templates/default-backend-role.yaml
View file

@ -3,14 +3,12 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-backend
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
name: {{ include "nginx-ingress.fullname" . }}-backend
rules:
- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "nginx-ingress.fullname" . }}-backend]
resourceNames: [{{ include "nginx-ingress.fullname" . }}-backend]
{{- end -}}

10
charts/ingress-nginx/templates/default-backend-rolebinding.yaml
View file

@ -3,15 +3,13 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-backend
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
name: {{ include "nginx-ingress.fullname" . }}-backend
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "nginx-ingress.fullname" . }}-backend
name: {{ include "nginx-ingress.fullname" . }}-backend
subjects:
- kind: ServiceAccount
name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}

12
charts/ingress-nginx/templates/default-backend-service.yaml
View file

@ -9,11 +9,8 @@ metadata:
{{- end }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.defaultBackend.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
spec:
{{- if not .Values.defaultBackend.service.omitClusterIP }}
@ -38,8 +35,7 @@ spec:
protocol: TCP
targetPort: http
selector:
app: {{ template "nginx-ingress.name" . }}
component: "{{ .Values.defaultBackend.name }}"
release: {{ .Release.Name }}
{{- include "nginx-ingress.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
type: "{{ .Values.defaultBackend.service.type }}"
{{- end }}

6
charts/ingress-nginx/templates/default-backend-serviceaccount.yaml
View file

@ -3,9 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.defaultBackend.name | quote }}
name: {{ template "nginx-ingress.defaultBackend.serviceAccountName" . }}
{{- end }}

9
charts/ingress-nginx/templates/proxyheaders-configmap.yaml
View file

@ -3,12 +3,9 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nginx-ingress.fullname" . }}-custom-proxy-headers
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
name: {{ include "nginx-ingress.fullname" . }}-custom-proxy-headers
data:
{{- if .Values.controller.proxySetHeaders }}
{{ toYaml .Values.controller.proxySetHeaders | indent 2 }}

9
charts/ingress-nginx/templates/tcp-configmap.yaml
View file

@ -3,14 +3,11 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
annotations:
{{ toYaml .Values.controller.tcp.annotations | indent 4}}
name: {{ template "nginx-ingress.fullname" . }}-tcp
name: {{ include "nginx-ingress.fullname" . }}-tcp
data:
{{ tpl (toYaml .Values.tcp) . | indent 2 }}
{{- end }}

9
charts/ingress-nginx/templates/udp-configmap.yaml
View file

@ -3,14 +3,11 @@ apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- include "nginx-ingress.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ .Values.controller.name | quote }}
annotations:
{{ toYaml .Values.controller.udp.annotations | indent 4}}
name: {{ template "nginx-ingress.fullname" . }}-udp
name: {{ include "nginx-ingress.fullname" . }}-udp
data:
{{ tpl (toYaml .Values.udp) . | indent 2 }}
{{- end }}