DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

helm: add resources to opentelemetry init container (#10300)

Browse source
This commit is contained in:
František Hána 2023-09-12 04:36:12 +02:00 committed by GitHub
parent 300cff1437
commit 06c64bf567
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
charts/ingress-nginx/README.md
View file

@ -378,6 +378,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | controller.opentelemetry.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| controller.opentelemetry.enabled | bool | `false` | | | controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | | | controller.opentelemetry.image | string | `"registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | |
| controller.opentelemetry.resources | object | `{}` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # | | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |
| controller.podLabels | object | `{}` | Labels to add to the pod container metadata | | controller.podLabels | object | `{}` | Labels to add to the pod container metadata |
| controller.podSecurityContext | object | `{}` | Security Context policies for controller pods | | controller.podSecurityContext | object | `{}` | Security Context policies for controller pods |

3
charts/ingress-nginx/templates/_helpers.tpl
View file

@ -208,6 +208,9 @@ Extra modules.
{{- if .containerSecurityContext }} {{- if .containerSecurityContext }}
securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }} securityContext: {{ .containerSecurityContext | toYaml | nindent 4 }}
{{- end }} {{- end }}
{{- if .resources }}
resources: {{ .resources | toYaml | nindent 4 }}
{{- end }}
volumeMounts: volumeMounts:
- name: {{ toYaml "modules"}} - name: {{ toYaml "modules"}}
mountPath: {{ toYaml "/modules_mount"}} mountPath: {{ toYaml "/modules_mount"}}

3
charts/ingress-nginx/templates/controller-deployment.yaml
View file

@ -192,7 +192,8 @@ spec:
{{- end }} {{- end }}
{{- if .Values.controller.opentelemetry.enabled}} {{- if .Values.controller.opentelemetry.enabled}}
{{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }} {{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" true) | nindent 8}} {{ $otelResources := $.Values.controller.opentelemetry.resources | default dict }}
{{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" true "resources" $otelResources) | nindent 8}}
{{- end}} {{- end}}
{{- end }} {{- end }}
{{- if .Values.controller.hostNetwork }} {{- if .Values.controller.hostNetwork }}

1
charts/ingress-nginx/values.yaml
View file

@ -577,6 +577,7 @@ controller:
image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
resources: {}
admissionWebhooks: admissionWebhooks:
annotations: {} annotations: {}
# ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem". # ignore-check.kube-linter.io/no-read-only-rootfs: "This deployment needs write access to root filesystem".