From fac7411cec41bbf6388b775d9c99796712271341 Mon Sep 17 00:00:00 2001
From: Kyle Michel
Date: Wed, 27 Jan 2021 21:04:26 -0500
Subject: [PATCH] Add value for configuring a custom Diffie-Hellman parameters file Revert chart version
---
 .../ingress-nginx/templates/controller-configmap.yaml | 3 +++
 charts/ingress-nginx/templates/dh-param-secret.yaml | 10 ++++++++++
 charts/ingress-nginx/values.yaml | 5 +++++
 3 files changed, 18 insertions(+)
 create mode 100644 charts/ingress-nginx/templates/dh-param-secret.yaml
diff --git a/charts/ingress-nginx/templates/controller-configmap.yaml b/charts/ingress-nginx/templates/controller-configmap.yaml
index 2ae715021..0706fa0eb 100644
--- a/charts/ingress-nginx/templates/controller-configmap.yaml
+++ b/charts/ingress-nginx/templates/controller-configmap.yaml
@@ -15,6 +15,9 @@ data:
 {{- if or .Values.controller.proxySetHeaders .Values.controller.headers }}
 proxy-set-headers: {{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-custom-proxy-headers
 {{- end }}
+{{- if .Values.dhParam }}
+ ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.controller.fullname" .) }}
+{{- end }}
 {{- range $key, $value := .Values.controller.config }}
 {{ $key | nindent 2 }}: {{ $value | quote }}
 {{- end }}
diff --git a/charts/ingress-nginx/templates/dh-param-secret.yaml b/charts/ingress-nginx/templates/dh-param-secret.yaml
new file mode 100644
index 000000000..12e7a4f63
--- /dev/null
+++ b/charts/ingress-nginx/templates/dh-param-secret.yaml
@@ -0,0 +1,10 @@
+{{- with .Values.dhParam -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ingress-nginx.controller.fullname" $ }}
+ labels:
+ {{- include "ingress-nginx.labels" $ | nindent 4 }}
+data:
+ dhparam.pem: {{ . }}
+{{- end }}
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml
index 28538d113..76f1404ff 100644
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
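Review bot: The new `ssl-dh-param` entry in controller-configmap.yaml is emitted just before the `range` over `.Values.controller.config`, so a release that sets `dhParam` and also has `ssl-dh-param` under `controller.config` renders the same key twice in `data:`. Depending on the parser, the manifest is then rejected or one of the two values wins silently, leaving it unclear which DH parameters the controller loads. Assuming `controller.config` is always a map, the block could be guarded with `{{- if and .Values.dhParam (not (hasKey .Values.controller.config "ssl-dh-param")) }}`, or the render could fail when both are set. The value should also go through `| quote` like the entries in the loop below it. The `data:` mapping starts above the hunk.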
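Review bot: `dhparam.pem: {{ . }}` in dh-param-secret.yaml writes the user-supplied value unquoted, so base64 text that contains line breaks renders as broken YAML or a truncated value. The generation hint added to values.yaml pipes through plain `base64`, which wraps its output on GNU coreutils, so following that comment literally can produce exactly such input. I would render the field as `dhparam.pem: {{ . | quote }}` and change the hint in the values.yaml hunk to strip newlines, for example `openssl dhparam 4096 2> /dev/null | base64 | tr -d '\n'`. Adding `type: Opaque` to the Secret would make the intended type explicit.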
@@ -731,3 +731,8 @@ tcp: {}
 ##
 udp: {}
 # 53: "kube-system/kube-dns:53"
+
+# A base64ed Diffie-Hellman parameter
+# This can be generated with: openssl dhparam 4096 2> /dev/null | base64
+# Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param
+dhParam:
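Review bot: The `# Ref:` link added above `dhParam:` points at a personal fork (`krmichel/ingress-nginx`, `master` branch) rather than the repository this chart is published from. The guidance users follow for TLS key-exchange parameters can therefore vanish or change independently of the chart. Point the link at the same `docs/examples/customization/ssl-dh-param` path in the chart's own repository. The comment should also say that the value is stored in a Secret named after the controller and referenced through `ssl-dh-param`, and that `2> /dev/null` hides any openssl error. Writing the default as `dhParam: null` instead of a bare key would make the "unset" state explicit.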